Blocked by DotNetNuke rule when updating WP article

I’m trying to update a WordPress blog post, but when I submit the article I get the “Sorry, you have been blocked…” message from Cloudflare. Looking up the Ray ID I see:

Service: Managed rules
Rule message: DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892
Rule group: Cloudflare Specials
Action taken: Block

I’ve added a rule to our WAF to Allow my IP address and I can see that working in the Security Activity Log. But I’m still getting blocked.

How do I bypass this rule? I’m not sure what’s triggering it, I can update other articles on the blog. It’s a technical post and there is some code snippets, but nothing malicious, so it could be that? I’d rather just let it through, happy to restrict by my IP though.



Try again after deactivating Cloudflare Browser Integrity Check

Also, you can check at Zone security why the Cloudflare is blocking the request and share here.

That didn’t work but it did set me on a path that did, so thank you for replying.

If anyone else has this or something similar, the way I got round it was to create a new Firewall rule based on my IP with the action Bypass and the Feature set to WAF Managed Rules.

I actually don’t agree to bypassing the rules for fixing issue. The problem still must be there, you just bypassed it.

You will find this on the Security Tab of the Dashboard. Select WAF, then Managed Rules. Select Cloudflare Specials. The rule that is being triggered is on the first page of the results. Change the action to Disable. (I’m assuming you are not running DNN, so this should be a relatively safe option.)


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.