Menu

Topic-icon Google Ads (gclid= tag) causing firewall entry and alert on page?

  • tadbrunye
  • tadbrunye's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 month 3 weeks ago - 1 month 3 weeks ago #7209 by tadbrunye
When someone visits my site via a Google Ad, Google will append "?gclid" code to the end of the url.

For example:

mysite.com/visited-page?gclid=EAIaIQobCh...IEAEYASAAEgI_9vD_BwE

That code is causing the following firewall logs, one related to the gclid, and one appears to be related to a related Google Analytics request:

Line comments :[GET:gclid]
Line comments :[REQUEST:_gac_UA-582931-5]

The same thing can happen with Facebook Ad clicks, because Facebook appends "fbclid" code to the end of the url.

The site visitor gets an alert at the top of the page when this happens, that says:

Error
A sequence has been detected that could mean a hacker attack. Your request cannot be processed.

How can this be fixed?
Last edit: 1 month 3 weeks ago by tadbrunye.

Please Log in or Create an account to join the conversation.

  • tadbrunye
  • tadbrunye's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 month 3 weeks ago #7210 by tadbrunye
I changed the Mode in WAF Configuration to "Alert" instead of "Strict" and at least that got rid of the message to the user.
But it's still showing up in the firewall log as an issue.

Please Log in or Create an account to join the conversation.

More
1 month 3 weeks ago #7213 by Jose
Hi tadbruyne,

Just enable the 'Easy config' in main panel of Securitycheck Pro; this will solve your issue. You can also disable the 'Line comments' filter into Waf configuration -> Filter exceptions -> SQL Injection tab -> Line comments textarea by adding a * into that field ( https://scpdocs.securitycheckextensions.com/configuration/web_firewall_config/exceptions )

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.060 seconds
Powered by Kunena Forum

Login or Sign In