• Resolved rajgorjaydeep

    (@rajgorjaydeep)


    Hello,

    We are getting this error in ajax operation. When I copy that and add it in whitelist, it works fine for few days and it throws the same error again.

    To resolve this I have added in allowlist from firewall with additional parameter of header. So if I add this, it still don’t allow. Can you please help here?

    Please check this screenshots:
    https://imgur.com/a/Qc2uD9D
    https://imgur.com/a/xO9KS9a

    Thanks.

    • This topic was modified 2 years, 10 months ago by rajgorjaydeep.
Viewing 7 replies - 1 through 7 (of 7 total)
  • Hi @rajgorjaydeep

    Thanks for reaching out!

    I am sorry you are experiencing issues with the allowlist. This is a good approach to allowing certain traffic on your site.

    The allowlist values you’ve manually added can be automated with Learning Mode which would pick up the exact mix of parameters automatically to add to this section of Wordfence. This is just in case there are sometimes differently formed requests that don’t match the one that you’ve added and are causing the blocks.

    From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.

    https://www.wordfence.com/help/firewall/learning-mode/ is an amazing resource for learning more about the WAF and learning mode.

    Please let me know if you’ve already tried this and how it goes?

    Thanks,

    Joshua

    Thread Starter rajgorjaydeep

    (@rajgorjaydeep)

    Hi @wfjoshc

    Thank you for the reply. I have tried the same and it adds the same request in allowlist. Can’t we allow request if there is a specific header is available? In our case, you can see there is custom header qc_glass_configurator. So whenever this is present, it should allow the request.

    I do not have problem to keeping the wordfence’s default added param i.e. request.body[pdf_data] but is there any specific reason it removes automatically?

    Thanks.

    Hi @rajgorjaydeep

    Thanks for getting back to me.

    What is generating these requests? As well what action is triggering these requests?

    Is this something an admin is doing, if so, what is happening to cause this request?

    Do you have any other security plugins or scheduled backups? These may be overwriting the settings.

    If you put any other parameter in the allowlist, is it removed? Or does only this parameter get removed?

    Once you get back to me with the information I will be able to take a closer look!

    Thanks,

    Joshua

    • This reply was modified 2 years, 10 months ago by wfjoshc.
    Thread Starter rajgorjaydeep

    (@rajgorjaydeep)

    Hi @wfjoshc

    Thank you for your reply.

    What is generating these requests? As well what action is triggering these requests?. – This is the Ajax request, the request consists the same action two times, one to get the price and if the same request is generated again, it will consist pdf data and everything will be added to cart. Whenever there is pdf data, it blocks the request. pdf data is blob data.

    Is this something an admin is doing, if so, what is happening to cause this request? – No, this requests are generated from frontend.

    Do you have any other security plugins or scheduled backups? These may be overwriting the settings. – No, I do not have any security plugins. We do not take backups but the hosting service provider does the backup but we do not needed to restore the backup.

    If you put any other parameter in the allowlist, is it removed? Or does only this parameter get removed? – We have not tested the same earlier. We have added only header field for allowing the request. As of now, both of them are there.

    Thank You.

    Hi @rajgorjaydeep

    Thanks for getting back to me!

    Please keep an eye out to see if the parameters get removed.

    If they do, we suggest changing over to the MySQli storage engine instead

    You can take a look at more information regarding this here: https://www.wordfence.com/help/advanced/constants/#waf-mysqli-storage-engine

    Please let me know how it goes?

    Thanks,

    Joshua

    Thread Starter rajgorjaydeep

    (@rajgorjaydeep)

    Hi @wfjoshc

    It was removed automatically today. I have again changed firewall status to Learning Mode and it was added. Then I changed it back to protecting.

    I have changed over to MySQLi storage engine and this request again removed from allowlist. But it is not blocked anymore. Will it be blocked after sometime or is it not blocked due to some other reason?

    Thanks.

    Hi @rajgorjaydeep

    Thanks for getting back to me!

    As of right now, it is unclear if it will be blocked again, however, please let us know if it does get blocked.

    Since it is no longer getting blocked, even if it is removed from the whitelist, it still may work as intended.

    The whitelist acts as more of an indicator that Wordfence will not attempt to look for any malicious code in that header, rather than just allowing the header to do whatever it wants.

    Please let me know if this helps.

    Thanks,

    Joshua

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘A potentially unsafe operation has been detected in your request to this site’ is closed to new replies.