Menu

Topic-icon Geo Blocking do much

  • becksteiner
  • becksteiner's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 month 4 hours ago #7056 by becksteiner
Geo Blocking do much was created by becksteiner
Hello,
I have my Website in Austria and a friend is administrator of it but traveling often to Bangkok. She was trying to update on page as usually from Austria but was blocked. I am not quick sure how to disable it für her because she has no fixed IP.

I tryed the country selection at the Geo Blocking but this has no effect!?

What else could I try out?

Friendly regards, Robert

Please Log in or Create an account to join the conversation.

More
1 month 4 hours ago - 1 month 4 hours ago #7057 by Jose
Replied by Jose on topic Geo Blocking do much
Hi Robert,

You say she was trying to update, so she was able to access initially. Maybe there was a rule blocking her. Using the geoblocking feature ips located in selected countries/continents will be blocked, so this is not the solution. Do you have log entries in Securitycheck Pro?

Regards,
Jose
Last edit: 1 month 4 hours ago by Jose.

Please Log in or Create an account to join the conversation.

  • becksteiner
  • becksteiner's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 month 4 hours ago #7058 by becksteiner
Replied by becksteiner on topic Geo Blocking do much
Hello,
oh sorry, yes the firewall alerted with her ip an xss attack but it was just a content update?

Tags aus der Zeichenkette entfernt (möglicher XSS-Angriff - Webseitenübergreifendes Scripting) :[POST:jform]
<p>&nbsp;</p>
<table style="width: 100%;">
<tbody>
<tr>
<td align="left" valign="top">
<p>Wir sind während der Ordinationszeiten für Sie da.</p>
</td>
<td style="width: 30%;"><img style="vertical-align: top;" src="images/images/Urlaub.jpg" alt="Urlaub" width="100%" />&nbsp;</td>
</tr>
</tbody>
</table>
Do I have a wrong setting?
My content security rule is this:
default-src 'self' *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; img-src 'self' data: *.googleapis.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.gstatic.com

Please Log in or Create an account to join the conversation.

More
1 month 4 hours ago - 1 month 4 hours ago #7059 by Jose
Replied by Jose on topic Geo Blocking do much
Since a couple of versions ago rules are also applied to administrators. Try this: go to waf configuration -> Filter exceptions -> xss tab and change the "strip all tags" dropdown to "No". This will check only dangerous tags and it should solve her issue.

Also check if the "img" tag appers in the "tags to be filtered" textarea. If so, delete it. You should get something like this:



Regards,
Jose
Attachments:
Last edit: 1 month 4 hours ago by Jose. Reason: Add more info and screenshot

Please Log in or Create an account to join the conversation.

Time to create page: 0.055 seconds
Powered by Kunena Forum

Login or Sign In