Hi,
I am using a custom post plugin on my WordPress website, and my CF Security Level is: High.
When I use iframe code inside the custom post type, as soon as I click the Publish/Edit button Cloudflare blocks my POST request (Sorry, you have been blocked).
I have checked the WAF logs; they show my blocked request:
And when I use the same iframe code inside regular WordPress posts it works fine with no block! This only happens when I am using the code inside the custom post plugin. I tried to use a custom page rule to set the security level to Medium for /wp-admin/post.php but it doesn't help! Any ideas what I should do to fix this? I really want to keep the security level on High. Thanks.
Thank you sdayman! I checked the article and just disabled the rule OWASP XSS Attacks -
Cross site scripting (XSS) attacks that may result in unwanted HTML being inserted into web pages.
It worked! Now I can save the posts. Last question: is it safe to keep this rule OFF? Thank you.
Please be careful with disabling WAF for an entire URL like /wp-admin/post.php
Some attacks can come to the same URL but use different request parameters, like this https://www.exploit-db.com/exploits/24988
I already deleted the custom page rule. I was trying to understand what causes the block, because the iframe code that I use is clean; it just embeds a player. WAF is still enabled for the entire domain; I just disabled the rule OWASP XSS Attacks, the last one.