OWASP rule error, but OWASP Managed Rules are turned off, why?

I am getting an OWASP “rule 934100 - reason Node.js Injection Attack Matched Data: function () {” error. when trying to update a header hook in WordPress (self hosted). I have OWASP rules turned off in Managed Rules, but I’m still getting the error. Running on a self contained Azure VM, they say it’s not them (no firewall enabled there). I can’t find anything that could be implementing these rules, can you help?

Hey there!

Can you share the Ray ID and Domain name with us?

You can also create a ticket with above details and share the ticket ID here so we can take a look.


I solved this. WordPress Jetpack just introduced a new Web Application Firewall, and I guess I turned it on thinking nothing of it. Turns out it blocks ads bc of their old school javascript I guess :open_mouth: Turned it off and problem solved

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.