403 error when saving Wordpress pages edited with Elementor

This follows on from a previous post:

The problem:

The CF Managed Ruleset is preventing the saving of Elementor pages (it flags a 403 error). I’ve now discovered this is specific to pages that contains an HTML widget with any script in it.

The following screenshot shows an example:

In the WAF logs the particular ruleset blocking the save process is “XSS, HTML Injection - Script Tag”.

If I disable the ruleset I’m able to save Elementor pages but I don’t want to disable a rule that then leaves a security hole.

My IP address is dynamic so it’s a real pain setting up a bypass rule based on IP each time I want to edit something.

Any suggestions on a better exception rule I could use?

I’d suggest you to whitelist your origin host / server / hosting IP address by navigating to the Security → Tools → IP Access Rules with the action “allow” for your Website and try again.

1 Like

Thanks for taking the time to reply fritex. I managed to get it working based on your suggestion :slightly_smiling_face:

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.