Support » Plugin: Anti-Malware Security and Brute-Force Firewall » Unable to update one of my custom post type

  • travisiconcept

    (@travisiconcept)


    I have many custom post type created using CPT UI, but one of the cpt doesn’t allow me to update my post. Whenever, I click “update”, it will redirect me to this page with a title “FW_Traversal” and a sentence “You have been redirected here from “domain name” which is protected by GOTMLS Anti-Malware”. It does work fine if I disable “Directory Traversal Protection”. Is there anyway I can whitelist that cpt so that I don’t have to disable that protection? Thanks!

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Eli

    (@scheeeli)

    That means that one of the variables that is being posted to that page looks like a Directory Traversal attack. Can you tell me what the post URL is and what data is being posted to that page?

    In the mean time you can disable the Directory Traversal protection on the Firewall Options page of the Anti-Malware Settings in your WP Admin.

    travisiconcept

    (@travisiconcept)

    There is no post URL because the post doesn’t require an inner page. Basically all post in https://nkfs.org/support-us/volunteer-programmes/ cannot be updated unless Directory Traversal protection is disabled. The cpt has a Wysiwyg Editor and an URL created using ACF.

    I have also disabled Directory Traversal protection for you now.Do let me know if you require any other info. Thanks!

    Plugin Author Eli

    (@scheeeli)

    the URL https://nkfs.org/support-us/volunteer-programmes/ is not blocked by the Directory Traversal protection in my firewall. It is one of the URLs that your browser POSTs the update to in your wp-admin that is blocked (either post.php or admin-ajax.php) and I would need to know what variable are being posted to those URL to be able to whitelist those calls if they are not really Directory Traversal attacks. Can you please load the Network tab in your browser’s Inspector while you are clicking the update button with the firewall rule enabled so that we can see which URL is being redirected?
    Then can you also Inspect the source and copy the HTML for the <FORM> and all the inputs within it so that I can see which variable are being flagged as a Directory Traversal attack?

    You can email this information directly to me if it contains any sensitive data that you don’t want to post on this forum:
    eli AT gotmls DOT net

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Unable to update one of my custom post type’ is closed to new replies.