Hi @sureshsuthar,
Thank you for reaching out! If Wordfence is involved, the blocked attempts will be logged in Live Traffic around the time they received the 403. If there is a block, check the red block reason after expanding the entry with the eye icon in the corner.
You can filter Live Traffic by “Blocked” so it’s easier to find. You may find a specific firewall rule named after expanding the entry as the reason is shown in red text.
If the block was caused by a firewall rule and they were trying to upload an accepted file, there have been cases when customers needed to disable one related to uploads. There are usually 3 possible rules involved. “Malicious File Upload“, “Malicious File Upload (PHP)“, or “Malicious File Upload (Patterns)”. These rules can be found in Wordfence > All Options > Firewall Options > Advanced Firewall Options > Rules, after expanding the list.
There are layers to how uploaded files are checked, so having to turn one of these rules off to fix your issue should still ensure malicious files are caught at a different stage of the checking process. Disabling/enabling them one-by-one can reveal exactly which one(s) can be permanently turned off to prevent the upload issue reoccurring for your users. If you have a copy of the files they were trying to upload it may make this testing more straightforward.
If you’re given another reason in Live Traffic for the blocks and aren’t sure how to rectify it, by all means, paste the text here, and we can try to help you out.
Thanks,
Margaret
Able to resolve issue now
-
This reply was modified 8 months, 2 weeks ago by
sureshsuthar.
