This follows on from a previous post:
The CF Managed Ruleset is preventing the saving of Elementor pages (it flags a 403 error). I’ve now discovered this is specific to pages that contains an HTML widget with any script in it.
The following screenshot shows an example:
In the WAF logs the particular ruleset blocking the save process is “XSS, HTML Injection - Script Tag”.
If I disable the ruleset I’m able to save Elementor pages but I don’t want to disable a rule that then leaves a security hole.
My IP address is dynamic so it’s a real pain setting up a bypass rule based on IP each time I want to edit something.
Any suggestions on a better exception rule I could use?
I’d suggest you to whitelist your origin host / server / hosting IP address by navigating to the Security → Tools → IP Access Rules with the action “allow” for your Website and try again.
Thanks for taking the time to reply fritex. I managed to get it working based on your suggestion
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.