WordFence blocking Autonami-admin calls

Hi @buildwoofunnels, thanks for getting in touch and I appreciate the research and screenshot/screenshare that you’ve provided.

I am initially wondering whether enabling Learning Mode would teach the WAF to allow the actions in future with no further user involvement. I’ve provided a link there for you to follow if it’s not already been tried.

The other option, as shown in your video, is to check the “I am certain this is a false-positive” checkbox and click the “Allowlist this action” button shown on the Wordfence blocking page. Does this cause a permanent fix or does it get flagged again next time?

Aside from the above, are the web servers for customers experiencing this issue running PHP8? I have noticed that some firewall rules can hit increased levels of false-positives on PHP8 and might be affecting things. You can discover which rule by checking the Live Traffic page after experiencing a block such as the one in your video. Expanding the entry should give a message like “blocked by firewall for XSS: Cross Site Scripting in query string…“. Let me know which one you see and we can determine whether it’s safe to turn off the rule temporarily for users seeing the problem.

I will be more than happy to seek further assistance from our development team if these tests don’t result in suppressing the issue, but those are some solutions that spring to mind when we see an increase in this kind of block.

Thanks,

Peter.

Hi Peter,

Thanks for your response.

We are yet to try the learning mode and we’d surely give it a try.

>The other option, as shown in your video, is to check the “I am certain this is a false-positive” checkbox and click the “Allowlist this action” button shown on the Wordfence blocking page. Does this cause a permanent fix or does it get flagged again next time?

We already tried this option but nothing really happens. We have to manually go to “WordFence > Tools > allow the request” to mark the call in Allowlist. Furthermore, it only unblocks the call for that particular template. If we create a new one, a new call is fired which also gets blocked. So this does not offer a permanent fix. That’s where we tried to add the autonami-admin endpoint to the allowlist. Unfortunately, it did not do the trick. Also, we cannot keep allowing every call, hence looking for some solution.

>Aside from the above, are the web servers for customers experiencing this issue running PHP8?

We are also able to replicate the same blocking issue on PHP 7.4.3. So doesn’t seem to be a PHP8-specific issue. The video that we send has the abovementioned PHP version.

>You can discover which rule by checking the Live Traffic page after experiencing a block such as the one in your video. Expanding the entry should give a message like “blocked by firewall for XSS: Cross Site Scripting in query string…“. Let me know which one you see and we can determine whether it’s safe to turn off the rule temporarily for users seeing the problem.

I believe I’ve already shared the blocked call details in this screenshot, https://imgur.com/1B6ALwD

Were you referring to anything else?

Just watching this thread. I had put Wordfence into learning mode and everything worked as it should but once I put it back into Enabled and Protecting the problems came back again. Our server is running PHP 7.4.2

Hi @jgateman Thanks for jumping in. Really appreciate it.

Could we use your help to fix this problem? We’d really appreciate your input.

If this sounds good to you, then could you please drop us an email at support@buildwoofunnels.com and tell us what setup did you follow or how did you configure WordFence on your site?

Hi @buildwoofunnels

I would be happy to. We have been dealing through your support under a different email. I will send you a direct email now and reference this thread. Thank you!

Hi @buildwoofunnels,

Thank-you for the extra information, we suspect after taking a closer look that including inline styles in the email content, which we appreciate may be hard to avoid in your plugin. The URLs include an ID number, which is why it can’t be added to the allowlist without wildcards.

One of our team is on leave until Monday to confirm whether we can safely add this kind of request to our internal allowlist to prevent compatibility problems going forward. However, I didn’t want to leave you hanging without response over the weekend so please be assured we’ll be back on this at the start of next week.

Thanks again,

Peter.

Hi Peter,

Autonami sent an update that has resolved the issue on our site. I can’t speak for others, but it is resolved with their most recent update. You may want to touch base with Pratik regarding this. Thank you for all of your help!

Hi @jgateman Thanks for sharing another confirmation and the help.

@wfpeter Thanks for all your help. I can confirm that the issue has been resolved and this thread can be closed now. We have also released the latest Autonami version with the fix as @jgateman said.

Really appreciate the efforts mates.

Have a good week and take care.