• viorel

    (@vioreleremia)


    Hi guys,

    I am one of the developers of this plugin.
    On our support desk people keep coming with an issue with our plugin, but it is actually from some traces of Wordfence. In many cases they had Wordfence installed or they migrated, and the auto_prepend_file creates some trouble, refers to another installation, etc. Fixing this is simple: you just install Wordfence and run the firewall optimization setup.
    I tried to inspect this by myself but I can’t understand why this is happening.
    When you access our builder we create some ajax requests, nothing special, just standard wp ajax requests. On the backend they are caught and defined as a potential attack, so we get a response 403 with "A potentially unsafe operation has been detected in ....". I tried other plugins that have the same ajax requests and they are working. I tried to add a simple js that requests the same way we request in the builder and it works, so it is something strange with our requests in the builder that I can’t understand.
    Can you guys help us understand why this happens with those requests? Right now I have the credentials for such an installation; I could send them to you somehow.

    Regards,
    Viorel


Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @vioreleremia and thanks for reaching out to us!

    Wordfence by default will block those sorts of requests unless you teach it not to. Learning Mode will most likely resolve the issue you are seeing with the 403s.

    From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.

    https://www.wordfence.com/help/firewall/learning-mode/ is an amazing resource for learning more about the WAF and learning mode.

    Let me know if that helps!

    Thanks!

    Thread Starter viorel

    (@vioreleremia)

    It is not the problem in fixing that. It is why it is happening only for the requests from the builder. The requests are made to the same file, admin-ajax.php, but if you check other plugins they are working; they also request that file with the same headers. So I’m trying to understand why it is working for them and not for us.

    Thread Starter viorel

    (@vioreleremia)

    So far we had about ten users with this issue and we fixed it with learning mode or firewall optimization setup, but they keep coming.
    On such an installation I tried different plugins, for example elementor, and their ajax is working well, so we have something that Wordfence sees as an attack, and here I need your help.
    In 2-5 days we had ten users but this can reach one hundred in a week.
    This forces us to waste unnecessary time on a problem that does not exist.

    Plugin Support WFAdam

    (@wfadam)

    Hello again @vioreleremia

    We can look into it on our end. Here are a few things that will help if you could send them to us:
    1.) When the block occurs, find the blocking reason in Live Traffic
    2.) After allowing it with Learning Mode, which new entries appear in the table at the bottom of the Firewall Options page
    3.) If you can give specific steps that reproduce the issue, that would be most useful, e.g., if a specific block of content causes it, but others do not, that can narrow it down, especially if we can reproduce it by just installing the plugin and trying the same thing.

    Thanks!

    Thread Starter viorel

    (@vioreleremia)

    Hi @wfadam,

    I’ve been very busy the last few weeks, now I have got some time and I can inspect the issue further. So far there have been several users with this issue but they do not stop coming.

    1. I don’t know what this means: https://user-images.githubusercontent.com/3128048/100717459-bfd4d300-33c2-11eb-8e54-07af7530c202.png
    I googled it and found this I remember this it was fixed a few months ago

    2. I enabled learning mode and played around with the editor; the issue didn’t happen anymore, but after turning off learning mode it was back. In the Allowlisted URLs there’s nothing, just "No allowlisted URLs currently set."

    3. The issue doesn’t happen everywhere, only happens to certain users. If you had a closed ticket system that would be great; I can share the credentials of a website where this issue is happening

    Plugin Support WFAdam

    (@wfadam)

    Hello @vioreleremia

    If enabling Learning Mode resolves the issue, then it’s definitely a WAF rule blocking the plugin from working.

    Check your Wordfence > All Options > Allowlisted URLs and see what Learning Mode is placing there. We might be able to make some additional rules to allow ajax access here. If you could screenshot this for me.

    Thanks!

    Thread Starter viorel

    (@vioreleremia)

    Hi @wfadam,

    I did not have time to inspect this problem in more detail, so I have fixed it so far manually.
    Now I have a few new cases and some time to inspect this.
    The issue occurs when the user has wp installed in a subdirectory of another wp.
    For example, the root folder is public_html, here we have a wp installation and wordfence installed.
    A wp subdirectory installation: public_html/anotherWp
    in this installation wordfence is not installed
    The issue appears only here on this sub installation that does not have wordfence installed.
    Enabling learning mode in the parent wp it starts working but in the Allowlisted URLs no new urls are registered, disabling learning mode the issue is back
    I registered a new ajax function in the sub folder installation:

    
    add_action( 'wp_ajax_my_action', 'tttt_my_action' );
    add_action( 'wp_ajax_nopriv_my_action', 'tttt_my_action' );
    
    function tttt_my_action() {
        wp_send_json(['message' => 'good']);
    }
    
    add_action('wp_footer', function() {
    ?>
        <script>
            jQuery(document).ready(function($) {
                var data = {
                    'action': 'my_action',
                    'whatever': 'whatever'
                };
    			                
                jQuery.post('http://enginsp.carlsontechnologiesinc.com/wp-admin/admin-ajax.php', data, function(response) {});
            });
        </script>
    <?php
    });
    

    This ajax request is working fine. The requested headers are the same, cookies too.
    And what does this mean?
    Why blocked by firewall for Brizy Page Builder < 1.0.126?
    I don’t know what else to try.
    Users keep coming to us and we need to get rid of this.

    Regards,
    Viorel

    • This reply was modified 2 years, 11 months ago by viorel.
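For the subdirectory layout described in the post above, one way to see whether the sub-install inherits a firewall prepend from a parent folder: PHP's per-directory `.user.ini` files and Apache's `.htaccess` files also apply to subdirectories, so an `auto_prepend_file` set in `public_html` is in effect under `public_html/anotherWp` as well. This is an added example, not code from the thread or from Wordfence; the function names and the sample directory tree are constructed for illustration.

```sh
#!/bin/sh
# find_prepend START_DIR DOCROOT
# Walk from START_DIR up to DOCROOT and print every active .user.ini or
# .htaccess line that sets auto_prepend_file, nearest directory first.
find_prepend() {
    dir=$(cd "$1" && pwd -P) || return 2
    stop=$(cd "$2" && pwd -P) || return 2
    while :; do
        for f in "$dir/.user.ini" "$dir/.htaccess"; do
            [ -f "$f" ] || continue
            # Anchoring at line start skips commented-out directives
            # (';' in ini files, '#' in .htaccess).
            grep -E '^[[:space:]]*(php_value[[:space:]]+)?auto_prepend_file' "$f" |
                while IFS= read -r line; do
                    printf '%s: %s\n' "$f" "$line"
                done
        done
        [ "$dir" = "$stop" ] && break
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
}

# Constructed sample tree: the parent install carries a prepend directive,
# the sub-install (anotherWp) has none of its own.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/public_html/anotherWp/wp-admin"
    printf "; Wordfence WAF\nauto_prepend_file = '%s/public_html/wordfence-waf.php'\n" \
        "$root" > "$root/public_html/.user.ini"
    printf '# BEGIN WordPress\nRewriteEngine On\n' \
        > "$root/public_html/anotherWp/.htaccess"
    printf '%s\n' "$root"
}

sample=$(make_sample)
# Reports the parent's .user.ini even though the sub-install has no WAF files.
find_prepend "$sample/public_html/anotherWp/wp-admin" "$sample/public_html"
rm -rf "$sample"
```
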
    Thread Starter viorel

    (@vioreleremia)

    Hi @wfadam,

    We have more and more users with this issue.

    Can we start working on this?

    Plugin Support WFAdam

    (@wfadam)

    Sorry for the late reply!

    I was looking into this issue and testing.

    I think one of our old WAF rules is blocking your ajax requests.

    Navigate to Wordfence > All Options > Advanced Firewall Options > Rules and find the 2 rules listed for Brizy:
    auth-bypass – Brizy Page Builder < 1.0.126 Improper Access Controls on AJAX Calls
    auth-bypass – Brizy Page Builder < 1.0.126 Improper Access Controls on AJAX Calls

    Disable these rules, then save the settings. See if these requests are still being rejected.

    Let me know what you find!

    Thanks again!

    Thread Starter viorel

    (@vioreleremia)

    Hi @wfadam,

    If I disable those rules it is working.

    How to do this for all users, so that they no longer reach our support?

    Regards

    Thread Starter viorel

    (@vioreleremia)

    Hi @wfadam,

    We started to receive users with regular installations.

    They are more and more.

  • The topic ‘Ajax Requests Blocked’ is closed to new replies.