You would need to disable the policy (Firewall Policies > Protect against username enumeration > Through the author archives) if you want bots to access it.
Alternatively, you could whitelist the IP address(es) using the “.htninja” script: https://blog.nintechnet.com/ninjafirewall-wp-edition-the-htninja-configuration-file/?#allow_block
Thanks for your response. What should I whitelist exactly, which IPs?
I solved the problem anyways with a simple method. For people who use NGINX, add this block to your site’s configuration, which blocks user enumeration scans from the user archives page, and disable it from the Ninja Firewall:
location ~* {
    if ( $query_string ~ "author=([0-9]*)" ) { return 403; }
}
This reply was modified 2 years, 4 months ago by Ivan Salloum.
Do you mean you want to block the request with a 403 code, even when it is Google, instead of the 302 redirection code returned by the firewall?
I thought you wanted to allow only Google to access it.
No, that’s not my point. When enumerating users, you can use ?author=1 and ?author=2. When I let Ninja Firewall handle this, it blocks these requests, but it also blocks requests made to the author archive page when visiting ivansalloum.com/ivansalloum, and this doesn’t make sense. To prevent enumerating users, we just need to block requests like ?author=1, and not when people visit the author’s page that lists the posts written by him/her. That’s why I used the NGINX block to prevent user enumeration attacks and disabled it from Ninja Firewall for user archives.
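Added example, not part of the thread or of NinjaFirewall: a Python check of which request URIs the regex posted above matches, next to a stricter test that requires a parameter named exactly `author` with a numeric value, plus a per-IP count of such probes in an access log. The function names, the `/author/example-user/` path and the log lines are constructed, and the NGINX combined log format is assumed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Pattern from the NGINX block in the thread, applied to the raw query string.
POSTED_RULE = re.compile(r"author=([0-9]*)")

# Assumed NGINX "combined" log format: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})'
)

def posted_rule_blocks(uri: str) -> bool:
    """Mirror the posted `if`: unanchored regex search on the query string."""
    return POSTED_RULE.search(urlsplit(uri).query) is not None

def is_author_enum(uri: str) -> bool:
    """Stricter: a parameter named exactly `author` holding an ASCII numeric ID."""
    pairs = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    return any(k == "author" and v.isascii() and v.isdigit() for k, v in pairs)

def enum_probes_by_ip(lines):
    """Count ?author=N requests per client IP in access-log lines."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_author_enum(m.group(2)):
            hits[m.group(1)] += 1
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 403 153',
    '203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 403 153',
    '198.51.100.4 - - [10/Jan/2024:10:00:05 +0000] "GET /author/example-user/ HTTP/1.1" 200 5120',
    '198.51.100.4 - - [10/Jan/2024:10:00:09 +0000] "GET /?coauthor=5 HTTP/1.1" 200 4211',
]

if __name__ == "__main__":
    for uri in ("/?author=1", "/?author=", "/?coauthor=5", "/author/example-user/"):
        print(f"{uri:24} posted={posted_rule_blocks(uri)} strict={is_author_enum(uri)}")
    print(dict(enum_probes_by_ip(SAMPLE_LOG)))
```

Both checks leave the path-based author page alone; the posted pattern additionally matches an empty `author=` and any parameter whose name merely ends in `author`.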