Even with adding a Firewall Rule a path is still being blocked

Hi, any help would be great as I have asked the plugin developer and my host for help and nothing has worked.

I have a plugin : Point of Sale for Woocommerce and official Woocommerce plugin for Wordpress

I am getting this blocked by the firewall everytime;

/wp-json/wc/v3/pos_orders/

Giving this code;

100173 - XSS, HTML Injection - Script Tag

I created a Firewall Rule to accept the code but it Allows the code then blocks it straight after;

(http.request.uri contains “/wp-json/wc/v3/pos_orders/”) - Action Taken - Allow

Please see the screenshot attached.

Any help would be greatly appreciated !

Thanks!

Allow won’t make a difference in this context as that won’t exten to WAF.

You could either use Bypass instead of Allow in your firewall rule

And should that still not work you could explicitly disable WAF for that path with a page rule

Or you simply disable that rule altogether in your WAF settings.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.