Wp-config.php is being blocked by WAF

I am using CloudPanel that has a web-based file manager and when I try to edit the file wp-config.php through file manager, it is getting blocked due to waf.

I have tried to bypass it with some rules but they don’t work.

Please, see below answers and a solution for your case as it came up since before already:

Hello @fritex

I have tried these solutions before opening a new topic. Suddenly they don’t work for me. :frowning:

Have you tried with temporary pausing Cloudflare and using different Web browser while accessing the File Manager through the cPanel? :thinking:

  • Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
  • The link is in the lower right corner of that page.
  • Give it five minutes to take effect

Furthermore, what is CloudPanel? :thinking:

You should see the challenged/blocked firewall events in the firewall events if you navigate to the Cloudflare dashboard → Security → Overview and lookup for Firewall events for the past 24hours or so. Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …).

Could you share some details which service or Rule ID from WAF was triggered that blocked you? :thinking:

Nevertheless, using FTP and connecting directly to the server IP, therefore downloading & modifying and re-upliading the file should work normally.

Yes I have tried that but I am looking for a more permanent solution.

CloudPanel is a free software to configure and manage a server with an obsessive focus on simplicity.
Run static websites, PHP, Node.js and, Python applications and more.

Check more information visit cloudpanel . io

Here is a screenshot.

Thank you for your tips!

Have you tried adding your own IP or server IP to the Security → WAF → Tools → IP Access Rules? :thinking:
I’d suggest you to whitelist your origin host / server / hosting IP address by navigating to the Security → WAF → Tools → IP Access Rules with the action “allow” for your Website and try again.

Until Cloudflare doesn’t improve and doesn’t push the thing hopefully in this Q4 2022 as stated, we have to be patient and look around for any possible temporary solution.

Currently, there is no way to bypass it or a workaround as for a zone with a Free plan when we inspect for the Firewall Events, it would show “unknown rule id or could not find ruleset” or that a request is being challenged or blocked via “rule XYZ” and no option to add some exception for Managed WAF Rule. For a higher paid plans such as Pro, the WAF has got an option to add an exception or skip that detection.

Last response from Cloudflare support which I’ve got was as follows:

As an update, our engineering team is looking to rollout the WAF for everyone in Q4 this year. This would allow the free tier users to make use of the override feature in our WAF ruleset to bypass the rules.

More about it:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.