Menu

Topic-icon 3.1.5 Aggressively Blocking Users - "Webmaster has forbidden your access"

  • Where2WheelSCP
  • Where2WheelSCP's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
2 months 1 day ago #6699 by Where2WheelSCP
Hey there,

First off, thanks for SCP, it has been working well for my site for about 2 years now; however, with update 3.1.5 SCP is blocking a significant amount of legitimate traffic. Most blocked visits are because of: "Tags stripped from string (possible XSS attack) :[POST:arg2]"

I have attached a screenshot of my firewall logs. Right now, I have the SCP Firewall disabled to resolve the issue, but what can I do to enable the firewall without blocking legitimate traffic?

Also, does the Geoblocking feature still work while the firewall is disabled?

Thanks,
-David
Attachments:

Please Log in or Create an account to join the conversation.

More
2 months 1 day ago - 2 months 1 day ago #6700 by Jose
Hi David,

Thank you very much for your confidence in my extensions.

I have done some changes in XSS filter and they are affecting some websites. To solve your issue just go to WAF Configuration -> Filter exceptions -> XSS tab and set the "Filter all tags" to No. This will look only for tags usually used in XSS attacks. Anyway I'm improving this feature to detect more attacks and I will check how to avoid false positives.

Also, does the Geoblocking feature still work while the firewall is disabled?

No, Geoblocking does not work if the firewall is disabled.

Regards,
Jose
Last edit: 2 months 1 day ago by Jose. Reason: Add more info

Please Log in or Create an account to join the conversation.

  • Where2WheelSCP
  • Where2WheelSCP's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
2 months 1 day ago #6701 by Where2WheelSCP
Thanks Jose for the quick respose!
Just to be clear, on the WAF Configuration -> Filter exceptions -> XSS tab the option is to "Strip all tags" and that is what I need to set to "No"?
Thanks,
-David

Please Log in or Create an account to join the conversation.

More
2 months 1 day ago #6702 by Jose
Yes, that is.

Regards,
Jose
The following user(s) said Thank You: Where2WheelSCP

Please Log in or Create an account to join the conversation.

Time to create page: 0.058 seconds
Powered by Kunena Forum

Login or Sign In