Wordfence firewall is blocking file upload on product page

  • Resolved marcrix

    (@marcrix)


    3 years, 3 months ago

    Hello,
    I have installed the acoweb “woocommerce product custom addons” plugin and have a major issue with file uploads in the frontend. When the wordfence firewall is activated and customers try to upload their image files on product page, than an upload error message occures.
    How can I avoid that file upload issue? Is there a setting for whitelist an entire plugin?
    Please help!
    Kind regards

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @marcrix,

    Yes, Learning Mode can allowlist the actions that are picked up as false-positives when a blocked function in a plugin you know to be safe to prevent you having to do this manually.

    From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues under the same conditions. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.

    Thanks,

    Peter.

    Thread Starter marcrix

    (@marcrix)

    Hi Peter,

    I switched on the learning mode for one day and performed out actions such as file uploads. Unfortunately, after setting the normal mode, it still did not work. How long should the learning mode be switched on? Is there another way how to allow this action?

    Regards

    • This reply was modified 3 years, 3 months ago by marcrix.
    Thread Starter marcrix

    (@marcrix)

    Hello again,

    I there maybe a setting to allow all actions of a specific plugin to avoid that upload issues?

    I would appreciate your help.

    Kind regards
    Marc

    Plugin Support wfpeter

    (@wfpeter)

    Hi @marcrix,

    If Learning Mode hasn’t worked as an admin, you could try as a non-admin in case different actions need to be allowlisted under those conditions. If that also doesn’t work, you may need to manually allow the blocked action using the Wordfence > All Options > Allowlisted URLs section of the plugin: https://www.wordfence.com/help/firewall/options/?utm_source=plugin&utm_medium=pluginUI&utm_campaign=docsIcon#whitelist

    You will need the parameters that are passed so that you can allowlist those here by attempting the request that fails yourself whilst viewing the “Network” tab of your browser console, which will show the full request being attempted. Here’s what to put in the inputs on the Allowlisted URLs section:

    • URL: /path/to/uploader.php
    • Param Type: Select as appropriate, possibly “POST Body” or “Query String”
    • Param Name: example_parameter_being_passed

    Don’t forget that certain filetypes need to be allowed in your WordPress settings to be uploaded, so if the error you’re receiving is NOT a Wordfence branded page, this could also be the issue. Feel free to relay the error page/message you’re seeing to me with a screenshot that can be shared here using a service such as Snipboard.

    Thanks,

    Peter.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Wordfence firewall is blocking file upload on product page’ is closed to new replies.