For a few weeks now, a challenge has been fired when I try to make a new post in WordPress. I have to whitelist my IP every day before posting new stuff on my website.
URI: /wp-json/wp/v2/posts/201472?_locale=user
Type: waf
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36
Can you check why that is happening and fix it in your rules if there is some error there?
This is probably triggered by the OWASP ruleset in the WAF. It is fairly common - if you don’t want to whitelist your IP, you can lower the sensitivity of it under ‘Managed Rules’:
Ok, I do have a WordPress site that has exactly the same issue. I currently whitelist the IP that I am using. If you look at the challenge in your firewall events log, it should tell you exactly what rule(s) were triggered and why they got challenged. You can then look and see if you can just disable specific rules, rather than turning it completely off…
I am on mobile at the moment, but will test a bit when back at a computer.
Don’t know if yours is the same, but for me, just saving a post without my IP whitelisted triggers the rule IDs below, from various groups in the OWASP ModSecurity Core Rule Set. Short of disabling them, I am not sure what other alternatives to whitelisting your IP you have. I can confirm that even with the sensitivity set to Low, it still triggers these rules. Maybe someone else has an idea?
If you’re encountering false positives due to the WAF, there are 3 actions that you could take here:
1. Add the IP(s) doing the request to the IP Firewall as allowlisted, if the users connecting to your backend are always using the same IP.
   This is the best solution as it does not affect the site security. How do I control IP access to my site?
2. Disable the affected WAF rule(s).
   This will reduce the security of the site, but will stop the requests from getting blocked / challenged. How do I configure the WAF?
   If the rule blocking is 981176, it means it was blocked by the OWASP rules. You need then to decrease the OWASP sensitivity: a request was blocked by rule 981176, what does that mean?
3. Disable the Web Application Firewall from the requested endpoint (not recommended!).
   This will result in lower security, as the WAF will no longer be applicable on that location.
   This action is done by using Page Rules: Understanding and Configuring Cloudflare Page Rules (Page Rules Tutorial)
I have been using a paid plan for years without this problem. I am more suspecting the change to nginx, as it acts as some kind of proxy (I am not a big expert in it, but reverse proxy is a term I’ve read many times).