Unresolvable 403 forbidden in admin-ajax.php

  • Resolved vision-hive

    (@vision-hive)


    6 years, 4 months ago

    Can you guys please check your code and make sure that when a request using admin-ajax.php is blocked that you provide the whitelist option VIA AJAX instead of sending html? When you send html in response to an AJAX request the user CANNOT WHITELIST.

    Thank you.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)

  • Hi @vision-hive,

    Unfortunately, this isn’t possible. When a page sends out an AJAX request, it’s processed by the scripts of that page.

    That means it doesn’t matter what we send, we cannot produce a prompt that allows users to whitelist an action sent through AJAX. (Without editing the source-code of the page that sent out the AJAX in the first place)

    What you can do, is to go into Wordfence -> Live Traffic, and see why the request was blocked in the first place. Can you tell me what you were doing when your request was blocked?

    Dave

    Thread Starter vision-hive

    (@vision-hive)

    Hi Dave, Thanks for the reply – unfortunately I can’t know exactly what was happening because it was a client at a different location who was editing the page when the block went into effect. They say that a popup was shown to whitelist, which they clicked – and then it stopped working. I have screenshots of the various pages/errors/inspector output but I can’t post images here – how can I get them to you (if you want them)?

    Thread Starter vision-hive

    (@vision-hive)

    Oh also isn’t it possible to just queue the whitelist option so that it can be sent with the next non-ajax request, perhaps using the WordPress notification api?

    Hey again! Can you please upload the screenshots onto https://imgur.com/upload and paste the link here?

    Also the suggestion you made is possible, but that would require storing the whitelist for anytime someone breaks a rule.

    Can you also let me know what your client was doing at the time of the block?

    Thanks!

    Hi again!

    We haven’t heard back from you in a while, so I’ve gone ahead and marked this thread as resolved.

    Please feel free to open another thread if you’re still having issues with Wordfence.

    Thanks!

    Thread Starter vision-hive

    (@vision-hive)

    This just happened again, this time while I was working on it. I added a block of html with some embedded javascript, it asked me to whitelist, I whitelisted, now whenever I try to edit the section it gives me a blank page with a timestamp.

    The only way to fix this is to pull up the inspect tool, find the ajax request that is resulting in a block, inspect the response source code, copy it, save it as html, upload it somewhere to the same domain, and submit it… obviously this is insane. There are two things wrong here – this is the Wordfence bug where you come in – 1. There should never be a html whitelist page sent as the response to an ajax request because it will not be parsed/useful, and unless the user is a developer who can figure that out, they will from that point in time be blocked without recourse. 2. There shouldn’t even be a block – I already whitelisted.

    Screenshots: https://imgur.com/a/I0qXidA

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Unresolvable 403 forbidden in admin-ajax.php’ is closed to new replies.