a client of mine is being blocked with a “403 error forbidden” when visiting her website using an Android mobile or a tablet.
The block reason I see in the Live Traffic window is:
blocked by firewall for Total Security <= 3.3.8 – Persistent XSS at [x]
IP: 93.148.x Hostname: x.vodafonedsl.it
Browser: Chrome version 64.0 running on Android
Mozilla/5.0 (Linux; Android 7.0; SM-T585 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.137 Safari/537.36
So why is this visit counted as a bot, instead of human?
And what is exactly the Persistent XSS protection looking for?
I can’t whitelist her IP cause it’s not a static one.
- The topic ‘False positive for Persistent XSS from mobile access’ is closed to new replies.