XSS/Code Injection CloudFlare Rule Triggered when saving WP Plugin Config

Our CMS developers are attempting to configure our Word Press site by adding the Osano Cookie Consent plugin. As such, this is done by adding a header to the site with a URL (+ API key etc), but when saving the config in Word Press, the entire domain is (temporarily) blocked to the user.

I can see the rule triggered is the Cloudflare Special rule “XSS, HTML Injection - Script Tag”

We are already whitelisting the source IPs to the URL with a wild card (subdomain.domain.com/*) but the rule is still triggered. I think this can be handled by whitelisting the source IP to the whole firewall, but might there be a better solution?

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.