Wp-config.php is getting blocked

I have a web-based file manager and when I try to edit the file wp-config.php through file manager, it is getting blocked due to waf.

Tried with the page rule to disable security for a specific URL and not is not working. This problem started when the new version for WAF has been released. Any idea?

Do you have a screenshot of the block in the Firewall Activity Log as well as a screenshot of the Page Rule you configured?


Attached the screenshot of both


here is the rule

Generally speaking, you’d want for the WAF to block access to something with wp-config.php within its URI, as it’s not something that normally needs to be accessed that way.

The security level isn’t why it was blocked. It was blocked because of a WAF ruleset. Offhand, I’m not sure if the Disable Security page rule will override the Managed Rules (New) or not. The Cloudflare documentation indicates it affects WAF Managed Rules (Previous Version).

You may need to use a firewall rule instead of a page rule. Something like this, for example:

1 Like

Thanks for your suggestion. The WAF Managed rules are already moved since the option “Choose a feature (Required)” WAF-managed rules are not available in the drop-down.

@jwds1978 Here are the only options in my account.

We have this particular problem on our servers which use Plesk control panel. Editing of WP’s config is impossible as of recently, and we cannot do anything about it since we don’t have any settings in our WAF → Managed Rules yet.

Since you know the specific IP address of your origin, set your local hosts file to bypass Cloudflare by setting it to your local IP address or use Fzt P to communicate with your origins IP and edit it that way if your host supports it.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.