[APO] WordPress + WooCommerce (OWASP)

Hey guys, I’m having trouble with OWASP.
Current situation:
OWASP is enabled in this instance with Cloudflare APO.
This has only just become an issue.

Cloudflare has started flagging the string ?wc-ajax=xt_atc_single out of nowhere, causing my Ajax add to cart to return a 403 error. The event log shows there’s a managed challenge in there.

The whole issue goes away when OWASP is disabled.

The sites on which I run this configuration:
Rubix Studios
Rustic World Timbers
American Yarns
Greenskin Wine

The issue appears across the list of sites, so it’s not an isolated incident. To fix this or at least bypass this without disabling OWASP, do I just set the URL query string to ?wc-ajax=xt_atc_single and select bypass, or URL query string to ?wc-ajax=*?

Anyone have a solution or recommendation around this?

932200: RCE Bypass Technique
…c91b7247
Cloudflare OWASP Core Ruleset Score (+5)

941150: XSS Filter - Category 5: Disallowed HTML Attributes
…af661a66
Cloudflare OWASP Core Ruleset Score (+5)

942200: Detects MySQL comment-/space-obfuscated injections and backtick termination
…58ecf7e7
Cloudflare OWASP Core Ruleset Score (+5)

942260: Detects basic SQL authentication bypass attempts 2/3
…55395a78
Cloudflare OWASP Core Ruleset Score (+5)

942340: Detects basic SQL authentication bypass attempts 3/3
…feb8fadb
Cloudflare OWASP Core Ruleset Score (+5)

942430: Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)
…3297003f
Cloudflare OWASP Core Ruleset Score (+3)

I’ve just lowered OWASP to medium, going to see if this solves it. But any suggestions would be appreciated.
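
Added example, not part of the original post and not Cloudflare code: it sums the score contributions listed in the event log above and compares the total with Cloudflare's documented OWASP anomaly score thresholds (High: 25 and higher, Medium: 40 and higher, Low: 60 and higher). It assumes the six entries shown are the complete set of matches for the request; the function names and the `EVENT_LOG` sample are constructed for illustration.

```python
import re
from collections import Counter

# Cloudflare's documented OWASP anomaly score thresholds (minimum score to act).
THRESHOLDS = {"High": 25, "Medium": 40, "Low": 60}
# CRS rule ID prefixes map to attack families.
FAMILIES = {"932": "RCE", "941": "XSS", "942": "SQLi"}

# Constructed sample: the entries from the post, truncated rule hashes left out.
EVENT_LOG = """\
932200: RCE Bypass Technique
Cloudflare OWASP Core Ruleset Score (+5)
941150: XSS Filter - Category 5: Disallowed HTML Attributes
Cloudflare OWASP Core Ruleset Score (+5)
942200: Detects MySQL comment-/space-obfuscated injections and backtick termination
Cloudflare OWASP Core Ruleset Score (+5)
942260: Detects basic SQL authentication bypass attempts 2/3
Cloudflare OWASP Core Ruleset Score (+5)
942340: Detects basic SQL authentication bypass attempts 3/3
Cloudflare OWASP Core Ruleset Score (+5)
942430: Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)
Cloudflare OWASP Core Ruleset Score (+3)
"""

RULE_RE = re.compile(r"^(\d{6}): (.+)$")
SCORE_RE = re.compile(r"Score \(\+(\d+)\)$")

def parse_matches(text):
    """Pair each 'ID: description' line with the score line that follows it."""
    matches, current = [], None
    for line in map(str.strip, text.splitlines()):
        if (rule := RULE_RE.match(line)):
            current = rule.groups()
        elif (score := SCORE_RE.search(line)) and current:
            matches.append((*current, int(score.group(1))))
            current = None
    return matches

def score_by_family(matches):
    """Sum contributions per CRS family to see which rules dominate the score."""
    totals = Counter()
    for rule_id, _, score in matches:
        totals[FAMILIES.get(rule_id[:3], "other")] += score
    return dict(totals)

def triggered_settings(total):
    """Return the threshold settings at which this total would trigger the action."""
    return [name for name, minimum in THRESHOLDS.items() if total >= minimum]
```

For these six matches the total is 28, which meets only the High threshold (25); the four 942xxx SQLi rules account for 18 of it.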
