Hi,
Could you temporarily enable it so that I can have a quick look?
Thanks, I did manage to get a look when it was disabled.
Can you try unchecking the following two items under “Firewall”
1. Bad Query Strings
2.Advanced character string filter
Does this make any difference?
Hello!
I unchecked the bad strings and it doesn’t fix the issue.
I then also unchecked the Advanced character string filter and that also didn’t fix it.
I then turned them both back on.
Hi,
I have done a bit of digging in your source code and the js console and the issue appears to be with google tag manager, specifically this js file: gtm.js?id=GTM-P6NW28D. You will also notice the 403 error on the web page itself. This relates to the REST API for GTM.
Can you go to Miscellaneous>>WP REST API and uncheck the box that is there and see if that makes any difference?
Hi, that box was never checked.
I think we are going to have to do this manual way then.
Can you deactivate all of the features of and then reactive them one by one till the issues reappears?
I clicked the button that says “Disable All Security Features” and our search started working perfectly:
https://djdeals.com/product-categories/?product_cat=&post_type=product&s=osprey+encoder
Now what?
Can you reactivate the features one by one until the problem re-appears?
Could you then let me know which particular feature is causing the issue?
Found it.
page=aiowpsec_firewall&tab=tab2
“Deny Bad Query Strings”
In your .htaccess you should see this when you have the “Deny bad query strings” activated.
# BEGIN All In One WP Security
#AIOWPS_DENY_BAD_QUERY_STRINGS_START
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} (\;|’|\”|%22).*(request|insert|union|declare|drop) [NC]
RewriteRule ^(.*)$ – [F,L]
</IfModule>
#AIOWPS_DENY_BAD_QUERY_STRINGS_END
# END All In One WP Security
Can you replace the Rewrite rule:
RewriteRule ^(.*)$ – [F,L]
with;
RewriteRule ^([^/\.]+)/?$ page.php?page=$1 [L,QSA]
Here is what is added:
#AIOWPS_DENY_BAD_QUERY_STRINGS_START
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(request|insert|union|declare|drop) [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
#AIOWPS_DENY_BAD_QUERY_STRINGS_END
I changed this:
RewriteRule ^(.*)$ - [F,L]
To this:
RewriteRule ^([^/\.]+)/?$ page.php?page=$1 [L,QSA]
Looks like the search works again:
https://djdeals.com/product-categories/?product_cat=&post_type=product&s=osprey+encoder
Does this mean that the plugin needs to be updated so that the new rule will work if we were to disable and reenable it for example?
Apologies for the delay over the weekend.
If you go to firewall>>Custom Rules.
Find;
RewriteRule ^(.*)$ – [F,L]
and replace it with RewriteRule ^([^/\.]+)/?$ page.php?page=$1 [L,QSA]
and then save it, that should be enough (you should not have to disable the plugin)
When I go to that page, it’s completely blank, so I can’t edit anything…
