Hi,

    I am using the Wordfence free version. I am also using the Ajax Search Lite plugin. The XSS (cross-site scripting) rule is enabled for the WAF. But when any script code is entered in the search box, the WAF is not blocking the request and the script is getting executed. The same settings are used in the staging environment and there it is working fine.

    Can you please help on this?

Viewing 5 replies - 1 through 5 (of 5 total)
    Plugin Support wfpeter

    (@wfpeter)

    Hi @ankitavib, thanks for reaching out!

    Could you possibly show an expanded Live Traffic entry screenshot from your staging environment so we can see the rule that is successfully blocking the code? This might assist us in finding out why the live version isn’t behaving in the same way.

    If the search box is publicly available on your site, could you send a diagnostic report from the Wordfence > Tools > Diagnostics menu to us at wftest @ wordfence . com? We can check the form behavior itself that way. Click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    Thanks,
    Peter.

    Thread Starter ankitavib

    (@ankitavib)

    Hi Peter,

    Thanks for your quick reply. Please find attached the screenshot of the staging site “Live Traffic” entry. The mail did not trigger from Tools > Diagnostic > Send by Email, so I am mailing the diagnostic file to wftest@wordfence . com.

    Staging Live Traffic screenshot here.

    Please help resolve this.

    Thanks & Regards,
    Ankita

    Plugin Support wfpeter

    (@wfpeter)

    Thanks for sending those over @ankitavib.

    The <script> insertion is seemingly being sanitized either by the search plugin or WordPress itself, so there’s no immediate concern as a valid search page is being returned, but it isn’t clear why the live site would be behaving differently to the blocks shown on your staging site.

    Is it right to assume no rules have been disabled in Wordfence > All Options > Advanced Firewall Options > Rules (“SHOW ALL RULES”) and the site hadn’t allowed these kinds of requests during the period of Learning Mode after initial installation of Wordfence? You can check for these in Firewall > All Firewall Options > Allowlisted URLs.

    Thanks,
    Peter.

    Thread Starter ankitavib

    (@ankitavib)

    Hi Peter,

    Thank you so much for your recommendation. Disabling the Allowlisted URLs in production worked. Now XSS is blocked. But HTML tags entered in the search box are still executed. Can you please let me know what can be done to block that as well? This issue is present in the staging site as well.

    Thanks & Regards,
    Ankita
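The behaviour described above (markup typed into the search box being interpreted by the browser) is an output-escaping problem in whatever template renders the search term, and a WAF rule only sits in front of it. The following is an added example, not code from Wordfence, Ajax Search Lite or this thread: hypothetical theme helpers showing the unescaped pattern beside the escaped one, assuming the WordPress escaping API (`esc_html`, `esc_attr`, `get_search_query`). The plugin's actual rendering code is not shown on this page.

```php
<?php
/**
 * Added example, not code from Wordfence, Ajax Search Lite or this thread.
 * Hypothetical search-results template helpers for a WordPress theme,
 * assuming the WordPress escaping API (esc_html, esc_attr, get_search_query).
 */

// Vulnerable pattern: the raw request value is written straight into the
// page. Markup typed into the search box is interpreted by the browser,
// which matches what the thread describes, and only a WAF rule stands
// between the input and the DOM.
function vulnerable_search_markup() {
    $term = isset( $_GET['s'] ) ? $_GET['s'] : '';
    return '<h1>Results for: ' . $term . '</h1>'
         . '<input type="search" name="s" value="' . $term . '">';
}

// Hardened pattern: escape at the point of output, choosing the escaper
// for the context. esc_html() for text between tags, esc_attr() inside a
// quoted attribute. get_search_query( false ) returns the unescaped query;
// the default get_search_query() already runs it through esc_attr().
function hardened_search_markup() {
    $term = get_search_query( false );
    return '<h1>Results for: ' . esc_html( $term ) . '</h1>'
         . '<input type="search" name="s" value="' . esc_attr( $term ) . '">';
}

// Outside WordPress (for a quick local check) the equivalent escaping is
// htmlspecialchars() with ENT_QUOTES, so both quote styles are encoded
// and cannot break out of an attribute value.
function escape_html( $value ) {
    return htmlspecialchars( (string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}
```

With the hardened form, the WAF rule and the Allowlisted URLs setting discussed in the thread become defence in depth rather than the only control.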

    Thread Starter ankitavib

    (@ankitavib)

    Hi Peter,

    Hope you are doing well. Any suggestion on the above mentioned issue?

    Thanks & Regards,
    Ankita
