WooCommerce 8.5.1 issues with Web Application Firewall

  • Resolved wilsher

    (@wilsher)


    11 months ago

    When will a version that fixes this error be released? I am currently using an X server, and I am dealing with this by turning off “Command countermeasures” in “WAF settings”.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support omarfpg a11n

    (@omarfpg)

    Hi @wilsher,

    We can’t provide an ETA on this but once we have more details the post will be updated. In the meantime, can you share which hosting provider you’re using? And have you tried disabling the order attribution feature off? As I understand you’re opting to turning off a setting in your Firewall and your site is working fine, even with Order Attribution turned on, correct?

    Thanks!
    -OP

    Thread Starter wilsher

    (@wilsher)

    Thank you for your reply @omarfpg .
    Hosting provider: Xserver
    Order attribution feature: turned off
    With this setting, the site itself is working properly. I’m not comfortable turning on the order attribution feature, so I leave it off.

    • This reply was modified 11 months ago by wilsher.

    Hello @wilsher,

    I understand your concern over the issue you are experiencing.

    Just as my colleague had earlier shared, we’re unable to provide a specific timeframe for when a version that addresses this particular error will be released.

    I would recommend keeping your WooCommerce installation updated to the latest version, as updates often include bug fixes and improvements.

    You can find the latest version from this direct link here.

    I hope this helps.

    Plugin Support omarfpg a11n

    (@omarfpg)

    Hi @wilsher,

    Thanks for the additional details. Do you know what WAF ruleset Xserver uses? The false positive has been recognized by some of the most common web application firewall ruleset providers: Comodo released a patched ruleset, but OWASP currently recommends adding an exclusion rule. You can find more information in the Order Attribution Tracking documentation here:?https://woocommerce.com/document/order-attribution-tracking/#h-cookies-are-blocked-by-a-web-application-firewall-waf

    We’re also looking at changes that we can make to avoid the false positives, but will need more time to implement (and thoroughly test) them before including them in a WooCommerce release.

    In the meantime, if you are continue experiencing WAF issues after updating to the latest version of WooCommerce – Order Attribution will be enabled by default – you can disable the feature in Settings, or programmatically with PHP or the WP CLI. You can find examples for doing so in the Order Attribution Tracking documentation linked above.

    You can also keep an eye for future releases of WooCommerce here (next one coming this Tuesday!), and keep an eye on the post you shared at the beginning of this thread.

    Thanks!
    -OP

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘WooCommerce 8.5.1 issues with Web Application Firewall’ is closed to new replies.