• Resolved kacskrz

    (@orjon)


    Hello,

    On my site (miuipolska.pl) I have a directory called /forum. Unfortunately Wordfence scans that directory and causes multiple false positives.

    When I create a topic on the forum (Invision) and add a link to another topic on the forum or to YouTube, and then try to submit that topic, it automatically triggers Wordfence with an HTTP 403 error. I can of course flag it as a false positive, but my users can’t do that.

    Example from panel:

    • URL: /forum/forum/51-rozmowy-og%C3%B3lne/
    • Parameter: request.body[topic_content]
    • 10.12.2024, 13:31:56, Allowlisted via false positive dialog
    • Blocked parameter: XSS: Cross Site Scripting w nagłówku POST: topic_content=%3Ciframe%20allowfullscreen%3D%22%22%20class%3D%22ipsEmbed_finishedLoading%22%20data-controller%3D%2…

    It also happens in private messages and other places where you can add an embed on the Invision platform.

    I want to pass all requests from /forum/ or use another solution that avoids these false positives from this specific directory while keeping WordPress files scanned/secured.

    Any advice?

    Thanks!

    • This topic was modified 1 year, 4 months ago by kacskrz. Reason: add ips header reason block

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @orjon, thank you for getting in touch!

    I have seen a case of this in the past, and as Invision’s forums aren’t provided as a plugin, it is necessary to disable the WAF for the directory to prevent false positives of this nature.

    In the appropriate /forum directory create a .htaccess or .user.ini file (depending on which your site uses) and add the following line:

    auto_prepend_file = none

    This will override our auto_prepend_file directive for that folder but continue to provide protection for your WordPress installation.

    Many thanks,
    Peter.
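
An audit companion to the exclusion described in the reply above, added here as an example (it is not Wordfence's code and not part of the thread): it lists every directory under a docroot where `auto_prepend_file` is set to `none`, so WAF exclusions stay limited to the directories you intended. The sample tree, the placeholder bootstrap path and the `php_value` form for .htaccess (standard mod_php syntax, which the thread does not spell out) are assumptions.

```shell
#!/bin/sh
# Added example: find per-directory overrides that switch off the
# auto_prepend_file WAF bootstrap (hypothetical helper names).

# waf_exclusions DOCROOT -> one "<dir> <file>" line per override, sorted
waf_exclusions() {
    find "$1" -type f \( -name .user.ini -o -name .htaccess \) 2>/dev/null |
    while IFS= read -r f; do
        # Matches both forms; commented-out lines (; or #) do not match:
        #   .user.ini : auto_prepend_file = none
        #   .htaccess : php_value auto_prepend_file none   (mod_php, assumed)
        if grep -Eiq '^[[:space:]]*(php_value[[:space:]]+)?auto_prepend_file[[:space:]]*=?[[:space:]]*"?none"?[[:space:]]*$' "$f"; then
            printf '%s %s\n' "$(dirname "$f")" "$(basename "$f")"
        fi
    done | sort
}

# Constructed sample docroot for an offline run (not the poster's site).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/forum" "$d/shop" "$d/wp-content"
    # Site-wide prepend at the root; the path is a placeholder.
    printf "auto_prepend_file = '/path/to/waf-bootstrap.php'\n" > "$d/.user.ini"
    # Intended exclusion, as in the reply above.
    printf 'auto_prepend_file = none\n' > "$d/forum/.user.ini"
    # Commented-out line: must not be reported.
    printf '; auto_prepend_file = none\n' > "$d/shop/.user.ini"
    printf '%s\n' "$d"
}

sample=$(make_sample)
waf_exclusions "$sample"    # reports only the forum directory
rm -rf "$sample"
```

With the .user.ini form, PHP caches per-directory ini files (`user_ini.cache_ttl`, 300 seconds by default), so a new or removed override can take a few minutes to apply.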

    Thread Starter kacskrz

    (@orjon)

    It works perfectly! 🙂

    Thank you very much.

The topic ‘Exclude certain directories from protecting/scanning’ is closed to new replies.