Hi @cousineddie,
Thanks for reaching out and providing the exact error message!
This is completely normal behavior. Soro generates full articles (which contain HTML tags, quotes, and formatting) and sends them to your site via the WordPress REST API. Our Web Application Firewall (WAF) inspects all incoming data, and when it sees a massive payload of HTML being injected into your site from an external server, it blocks it as a proactive defense against XSS (Cross-Site Scripting) attacks.
Since Soro likely uses hundreds of dynamic cloud IPs, whitelisting the IP is not the best approach as it will change tomorrow. Instead, we need to tell the firewall to “trust” the specific door that Soro is using.
Here is how to fix it in 30 seconds:
Solution 1: Exclude the REST API from the WAF (Recommended)
- Go to your WordPress Dashboard -> Security -> Settings.
- Click on the Web Application Firewall (WAF) tab.
- Scroll down to the “WAF Excluded URIs” text area.
- Add the following line to the box:
/wp-json/ (If you want to be more restrictive, you can just add /wp-json/wp/v2/posts)
- Click Save Settings.
Solution 2: Use an Advanced Rule (If you know Soro’s User-Agent)
If you prefer not to exclude the URI, you can go to Security > Advanced Rules and create an “ALLOW” rule.
- IF:
URI contains /wp-json/ AND User-Agent contains Soro (or whatever User-Agent Soro sends).
- THEN:
Allow. This will grant an absolute VIP pass to Soro without disabling the WAF for anyone else.
Try Solution 1, go back to the Soro portal, and click publish again. It should go through instantly! Let me know if you need any further help.
Quick follow-up @cousineddie!
I went ahead and dug into the Soro app’s internal source code to give you the most secure and precise solution possible.
I found that Soro doesn’t use the standard WordPress posting routes; they register their own custom REST API namespace (/soro/v1/).
Because of this, you don’t need to whitelist the entire WordPress API in our firewall (which is great for your overall security). You only need to whitelist their specific route.
So, in the “WAF Excluded URIs” box (Security -> Settings -> Web Application Firewall), simply add this exact line:
/soro/v1/
This acts as a surgical VIP pass. The firewall will stand down only when the Soro app is trying to connect, while keeping the rest of your site fully shielded against automated attacks.
Let me know if the publishing works smoothly now!
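To compare how much traffic each exclusion entry mentioned in this thread would exempt from WAF inspection, the following added example (not part of the thread and not the plugin's code) replays access-log lines against the three entries. It assumes the WAF treats an excluded URI as a substring match on the request path, which the thread does not state; the log lines and the `example-endpoint` route name are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Exclusion entries quoted in the thread.
CANDIDATES = ["/wp-json/", "/wp-json/wp/v2/posts", "/soro/v1/"]

# Constructed access-log lines (combined log format); not from a real site.
# "example-endpoint" is a hypothetical route name under the Soro namespace.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "POST /wp-json/soro/v1/example-endpoint HTTP/1.1" 403 512 "-" "ExampleAgent/1.0"
198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "POST /wp-json/wp/v2/posts HTTP/1.1" 201 900 "-" "ExampleAgent/1.0"
198.51.100.7 - - [01/Jan/2025:10:02:00 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 300 "-" "ExampleAgent/1.0"
198.51.100.9 - - [01/Jan/2025:10:03:00 +0000] "POST /wp-json/wp/v2/comments HTTP/1.1" 201 150 "-" "ExampleAgent/1.0"
198.51.100.9 - - [01/Jan/2025:10:04:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4000 "-" "ExampleAgent/1.0"
198.51.100.7 - - [01/Jan/2025:10:05:00 +0000] "POST /wp-json/wp/v2/posts/17?context=edit HTTP/1.1" 200 900 "-" "ExampleAgent/1.0"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def coverage(log_text, entries=CANDIDATES):
    """Map each entry to the sorted (method, path) pairs it would exempt.

    Assumption: an entry matches when it is a substring of the decoded path.
    """
    result = {entry: set() for entry in entries}
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue  # skip lines that are not in the expected format
        path = unquote(urlsplit(match["uri"]).path)  # drop query, decode %xx
        for entry in entries:
            if entry in path:
                result[entry].add((match["method"], path))
    return {entry: sorted(pairs) for entry, pairs in result.items()}


def exempted_writes(log_text, entry):
    """Count distinct state-changing requests that would skip inspection."""
    return sum(1 for method, _ in coverage(log_text, [entry])[entry]
               if method in WRITE_METHODS)


if __name__ == "__main__":
    for entry, pairs in coverage(SAMPLE_LOG).items():
        print(f"{entry}: {len(pairs)} exempt, "
              f"{exempted_writes(SAMPLE_LOG, entry)} of them writes")
        for method, path in pairs:
            print(f"    {method} {path}")
```

Run it against your own access log in place of `SAMPLE_LOG` to see which real requests each entry would let through uninspected before saving the setting.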