Wordfence Blocking Gravity Form Submissions

  • Resolved sidehustle1

    (@sidehustle1)


    9 months, 3 weeks ago

    We installed the free version of Wordfence a few months ago, but a few times a year we have a high volume of traffic of users submitting forms and applications using Gravity Forms. We just had our first round of submissions and while most users were able to submit applications, there were a handful (maybe 4 or 5) who got an error message from wordfence and were not able to save or submit their application. The applications all had several pdfs attached and it appears the pdfs may have been what were getting flagged. Can you please tell us what to do to help prevent this issue?

    The error message said:
    A potentially unsafe operation has been detected in your request to the site. Your access to this service has been limited (HTTP response 403)
    Blocked Technical Data

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @sidehustle1, thanks for getting in touch.

    To be sure you’re going to allow the correct action, I would take a look at your Live Traffic feed and filter by “Blocked” so it’s easier to find the approximate date and time these users were blocked while submitting their forms. You may find a specific firewall rule named after expanding the entry as the reason is shown in red text.

    If the block was caused by a firewall rule, there have been cases when customers needed to disable one related to uploads. There are usually 3 possible rules involved. “Malicious File Upload“, “Malicious File Upload (PHP)“, or “Malicious File Upload (Patterns)”. These rules can be found in Wordfence > All Options > Firewall Options > Advanced Firewall Options > Rules, after expanding the list.

    There are layers to how uploaded files are checked, so having to turn one of these rules off to fix your issue should still ensure malicious files are caught at a different stage of the checking process. Disabling/enabling them one-by-one can reveal exactly which one(s) can be permanently turned off to prevent the upload issue reoccurring for your users. If you have a copy of the files they were trying to upload it may make this testing more straightforward.

    If you’re given another reason in Live Traffic for the blocks and aren’t sure how to rectify it, by all means paste the text here and we can try to help you out.

    Thanks,
    Peter.

    Thread Starter sidehustle1

    (@sidehustle1)

    Thank you Peter. Through your instructions I discovered that all of the people blocked had the following rule listed: Malicious File Upload (PHP)?

    I have gone ahead and unchecked the Malicious File Upload (PHP)?rule.
    I just want to confirm that you assume this should fix this issue in future, and that our site should still be relatively secure, as other rules and checks should find any malicious files.

    Thanks for your help.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @sidehustle1,

    If they were all caught by that one rule rather than a mix of reasons, I feel pretty confident they won’t be blocked when trying to upload to your form in future. The files may have been picked up as false-positives due to some of its contents resembling a suspicious string of data, easily done with PDF or image files when viewed as plain text.

    As they’re legitimate users uploading files for a reason you’re aware of in advance, there are other checks Wordfence performs on uploaded files that should keep your site protected were there to be a real threat in future.

    Thanks again,
    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Wordfence Blocking Gravity Form Submissions’ is closed to new replies.