As soon as you are blocked, go to “NinjaFirewall > Logs”, copy the line that shows the blocked request (likely the last line in the log) and paste it here.
Thread Starter
Jason
(@jason6666h)
Thanks for your reply, the log is as follows:
06/Nov/23 10:14:17 #3208169 CRITICAL 115 172.68.118.99 POST /index.php – Cross-site scripting – [RAW:POST = {“nonce”:”9e772a2ea2″,”postId”:”9″,”action”:”bricks_render_element”,”element”:{“id”:”xntumk”,”name”:”code”,”parent”:”nlkegs”,”children”:[],”settings”:{“code”:”<?php\nwp_enqueue_script(‘bric…] – u-lohas.life
06/Nov/23 10:14:18 #6889754 CRITICAL 115 172.68.118.99 POST /wp-admin/admin-ajax.php – Cross-site scripting – [POST:element = xntumk code nlkegs <?php%0awp_enqueue_script(‘bricks-swiper’);%0awp_enqueue_style(‘bricks-swiper’);%0a?>%0a%0a<script>%0a window.addEventListener(‘load’, (event) => {%0a const blog30 = new Swiper…] – u-lohas.life
06/Nov/23 10:14:29 #1491656 CRITICAL 115 172.68.118.98 POST /wp-admin/admin-ajax.php – Cross-site scripting – [POST:content = [{“id”:”svblbv”,”name”:”section”,”parent”:0,”children”:[“wrtbze”],”settings”:{“_padding”:{“top”:”0″,”bottom”:”0″,”right”:”0″,”left”:”0″},”_width”:”100%”}},{“id”:”xbylss”,”name”:”section…] – u-lohas.life
The log shows that some <script>xxxx</script> JavaScript code is inserted in the post content.
You would need to disable rule “115” from the “NinjaFirewall > Security Rules > Rules Editor” page.
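Added example, not part of the original thread and not NinjaFirewall code: a small Python parser that groups blocked requests by rule ID, URI and offending parameter, so you can see exactly which rule is firing before disabling it. The field layout is inferred from the log lines quoted above, and the sample lines, IPs and host are constructed.

```python
import re
from collections import Counter

# Field layout inferred from the log lines quoted in this thread (an assumption,
# not a documented format):
# date time #incident LEVEL rule ip METHOD uri - reason - [payload] - host
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\w{3}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"#(?P<incident>\d+)\s+(?P<level>[A-Z]+)\s+(?P<rule>\d+)\s+"
    r"(?P<ip>\S+)\s+(?P<method>[A-Z]+)\s+(?P<uri>\S+)\s+[-\u2013]\s+"
    r"(?P<reason>.*?)\s+[-\u2013]\s+\[(?P<payload>.*)\]\s+[-\u2013]\s+(?P<host>\S+)$"
)

# Constructed sample lines modelled on the ones posted above.
SAMPLE = """\
06/Nov/23 10:14:17 #1000001 CRITICAL 115 192.0.2.10 POST /index.php - Cross-site scripting - [RAW:POST = {"action":"bricks_render_element","element":{"name":"code"...] - example.test
06/Nov/23 10:14:18 #1000002 CRITICAL 115 192.0.2.10 POST /wp-admin/admin-ajax.php - Cross-site scripting - [POST:element = xntumk code <script>...] - example.test
06/Nov/23 10:14:29 #1000003 CRITICAL 115 192.0.2.11 POST /wp-admin/admin-ajax.php - Cross-site scripting - [POST:content = [{"id":"svblbv","name":"section"...] - example.test
"""

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # The payload looks like "POST:element = <truncated value>".
    target, _, value = rec.pop("payload").partition(" = ")
    rec["source"], _, rec["param"] = target.partition(":")
    rec["sample"] = value
    return rec

def blocks_by_rule(text):
    """Count blocked requests per (rule ID, URI, source:param)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["rule"], rec["uri"], f'{rec["source"]}:{rec["param"]}')] += 1
    return counts

if __name__ == "__main__":
    for key, n in blocks_by_rule(SAMPLE).most_common():
        print(n, *key)
```

If every hit for the page builder maps to a single rule ID, that is the only rule that needs to be reviewed.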
Thread Starter
Jason
(@jason6666h)
Thanks, do I need to worry about compromising security by removing security rules?
If you are the admin, you shouldn’t be blocked or need to disable any rules.
If you’re an editor (or any other role), you cannot whitelist your role in the free version of NinjaFirewall. But you could whitelist all logged-in users, assuming you don’t allow user registration and you are the only authenticated person. If that’s not the case, you don’t have any other choice: you need to disable the corresponding rule and that will always slightly lower your security level. But the firewall still has a lot of rules and security features left to protect you.
Thread Starter
Jason
(@jason6666h)
Thank you for your reply. I confirmed that I am an administrator, but I was not excluded from the whitelist, which causes editing in the Brick builder to trigger the blocking rule.
I use openlitespeed+WAF mode and there are no other settings. Are there any other settings that may affect the whitelist function?