Cloudflare blocking code on WordPress site, results in 403 error

What is the name of the domain?

revo.church

What is the error number?

403

What is the issue you’re encountering

When I try to update a page in WordPress with PHP or a script (for example, a script to our donation services) I get a 403 error. I can see the security events page on Cloudflare blocking me. Right now my IP address shows up numerous times as being blocked when I perform that script. You can easily see many blocks. The plugin giving me the error is Breakdance and I host with Liquid Web. I’ve contacted both of them, and my host repeated. The plugin people said, “A 403 error occurs when the server (or firewall on the server) prevents an action from taking place.”

What steps have you taken to resolve the issue?

I’ve talked with the plugin makers and my host numerous times. That led me back to Cloudflare and sure enough I find the blocks there.

Reviewing our security rules, we couldn’t locate anything that would block these requests on our end, and haven’t noticed any triggered alerts for the site in our load balancer error log.

Upon curling the website directly with this post data, it definitely seems like Cloudflare is blocking the request.
Here’s an excerpt below for review:

curl -sv -d @post_data.txt 'https://www.revo.church/yearend/?_breakdance_doing_ajax=yes&_ajax_nonce=9b53f7ac1f' | html2text
< HTTP/2 403

Attention Required! | Cloudflare

Sorry, you have been blocked

You are unable to access revo.church

Why have I been blocked?

This website is using a security service to protect itself from online
attacks. The action you just performed triggered the security solution. There
are several actions that could trigger this block including submitting a
certain word or phrase, a SQL command or malformed data.

What can I do to resolve this?

You can email the site owner to let them know you were blocked. Please include
what you were doing when this page came up and the Cloudflare Ray ID found at
the bottom of this page.

Cloudflare Ray ID: 8f40b393191844e5 • Your IP: Click to reveal
2605:a601:a55b:a000:1ceb:3d4c:3f02:446c • Performance & security by
Cloudflare

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

Others cannot reproduce it as you’d have to have a login.
But, whenever I enter a script into a WordPress post it returns 403.

You can review your firewall logs to determine why the request was blocked and disable / modify your rules as needed. The ray ID and IP address included in the message should help you locate the specific entry correlated to the request.

The entry will include the rule(s) blocking the request. What does it say?

1 Like

I’m pretty new to Cloudflare.
I can see this block and know that it was me. But, I’m not sure what to do about it.

If you go to Security | WAF and select Advanced under Cloudflare Managed Ruleset, you can search for the description (a search for PHP will bring up the rule listed in the screenshot). You can then either disable it or create an exception using the Add Exception button next to managed rules and specify the path and rule you wish to allow.

1 Like

Thanks!
I found that if I disable the “Cloudflare Managed Ruleset” I can enter code without a 403 error.
So it does have to do with that.

But, I can’t seem to figure out which specific rule is the problem. I disabled all the injection rules but it still threw a 403 error.

Any advice on figuring out which exact part of the ruleset it is?

  • Jeff

The rule name is in the screenshot: Rule PHP, VBulletin, jQuery.... CVE-2019-17132.

3 Likes
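
As an added example (not code from this thread or from Cloudflare), the following Python lists every rule that blocked a given Ray ID, or a given client IP and path, in exported security events. It assumes an NDJSON export using the Logpush firewall events field names (RayID, ClientIP, Action, Source, RuleID, Description, ClientRequestPath); the sample events, the 2001:db8:: addresses, and the rule IDs and descriptions are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample events, one JSON object per line. Only the first Ray ID
# comes from the thread; rule IDs and descriptions are placeholders.
SAMPLE_EVENTS = """\
{"RayID":"8f40b393191844e5","ClientIP":"2001:db8::10","Action":"block","Source":"firewallManaged","RuleID":"RULE_ID_PLACEHOLDER_A","Description":"placeholder managed rule A","ClientRequestPath":"/yearend/"}
{"RayID":"constructed000002","ClientIP":"2001:db8::10","Action":"block","Source":"firewallManaged","RuleID":"RULE_ID_PLACEHOLDER_A","Description":"placeholder managed rule A","ClientRequestPath":"/yearend/"}
{"RayID":"constructed000003","ClientIP":"2001:db8::10","Action":"block","Source":"firewallManaged","RuleID":"RULE_ID_PLACEHOLDER_B","Description":"placeholder managed rule B","ClientRequestPath":"/yearend/"}
{"RayID":"constructed000004","ClientIP":"2001:db8::99","Action":"block","Source":"firewallManaged","RuleID":"RULE_ID_PLACEHOLDER_C","Description":"placeholder managed rule C","ClientRequestPath":"/wp-login.php"}
{"RayID":"constructed000005","ClientIP":"2001:db8::10","Action":"managed_challenge","Source":"firewallManaged","RuleID":"RULE_ID_PLACEHOLDER_D","Description":"placeholder managed rule D","ClientRequestPath":"/yearend/"}
not json: a truncated line such as an interrupted export might leave behind
"""


def parse_events(ndjson_text):
    """Parse one JSON event per line, skipping blank or malformed lines."""
    events = []
    for line in ndjson_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line in the export
        if isinstance(obj, dict):
            events.append(obj)
    return events


def blocking_rules(events, ray_id=None, client_ip=None, path=None):
    """Count (RuleID, Description) pairs for blocked requests matching the filters."""
    hits = Counter()
    for ev in events:
        if ev.get("Action") != "block":
            continue  # challenges, logs and skips did not cause the 403 page
        if ray_id and ev.get("RayID") != ray_id:
            continue
        if client_ip and ev.get("ClientIP") != client_ip:
            continue
        if path and ev.get("ClientRequestPath") != path:
            continue
        hits[(ev.get("RuleID"), ev.get("Description"))] += 1
    return hits


if __name__ == "__main__":
    rules = blocking_rules(parse_events(SAMPLE_EVENTS), client_ip="2001:db8::10", path="/yearend/")
    for (rule_id, desc), count in rules.most_common():
        print(f"{count:3d}  {rule_id}  {desc}")
```

Listing every blocking rule for the affected path shows whether more than one rule needs an exception, so the exception can be scoped to that path and those rules instead of disabling the whole managed ruleset.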
