WAF Blocking web stories resources

  • Resolved kamasi

    (@kamasi)


    2 years, 10 months ago

    Hello,
    When I try to edit, save or post some web stories I got an error. After some tests I looked into WAF and found a lot of blocked resources.

    The firewall blocked almost all web stories requests because of a XSS and SQL vulnerability. All blocked url has _locale=user on the end

    Here are two blockeds uri:
    wp-json/web-stories/v1/fonts/?include%5B0%5D=roboto&_locale=user
    wp-json/web-stories/v1/media/2456204/?_locale=user

    Is there any way to get plugin to work without let my website vulnerable?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Pascal Birchler

    (@swissspidy)

    This sounds like a false positive in your WAF. You will need to add these URLs to your WAF’s allowlist to make things work. There is no vulnerability with these URLs.

    As we haven’t received a response, we’ll mark this topic as resolved. You can open a new support topic if you need any additional support. Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘WAF Blocking web stories resources’ is closed to new replies.

Tags