Support » Plugin: Wordfence Security - Firewall & Malware Scan » Requests from a friendly server cannot go through but aren’t marked as blocked

  • Resolved benratelade


    We use a plugin that needs to update our Woocommerce products by posting their data to its own endpoint.

    When the Wordfence plugin is active, requests from our server get a response of “Invalid request”. They go through fine if Wordfence is completely disabled.

    I tried turning the Firewall off, as well as switching it to “learning mode”, but neither allowed requests to work.

    The requests are actually not marked as blocked in the Live Traffic report. They simply return a 400 error.

    Any ideas on how to fix this are welcome.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author WFMattR



    It’s definitely unusual to see a 400 error like this. Do you know how the other plugin handles its requests?

    If it reads php://input to read the request’s raw body instead of using normal GET/POST requests, which is relatively rare, then setting this constant may help, at least as an immediate solution:
    define('WFWAF_DISABLE_RAW_BODY', true);

    Older versions of PHP will only let the “raw” body be read once by this method, which might cause this type of error. You can set that constant in wordfence-waf.php in the root of your site (below the comment), if you’ve set up “Extended Protection”. If you haven’t set that up, you can set it in wp-config.php, before the comment line that says “stop editing”.

    More details on the constant are available on this page:

    -Matt R

    That was spot on 😉

    The plugin uses php://input to read the body of the requests, which was rendered empty from the first “read”.

    Thanks a lot for your quick and accurate response.


Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Requests from a friendly server cannot go through but aren’t marked as blocked’ is closed to new replies.