
Edit Article Bug Causing lock out.

1 week 6 days ago #7325 by funnybugbees
Edit Article Bug Causing lock out. was created by funnybugbees
We have many articles that have embedded YouTube videos in them. Whenever we edit these articles, SCP locks me out of my admin with the "The webmaster has forbidden your access to this site" error message.

Once I am able to get back in again (simply by opening another browser window and logging back in), I check the logs and there are XSS attack logs from my IP (which is whitelisted by the way).

This prevents us from editing any article which has an embedded youtube video.

Attached is a photo of the log entry.

Clifton Murphy - Owner
Funny Bug Bees And Wood Works

1 week 6 days ago #7327 by Jose
Replied by Jose on topic Edit Article Bug Causing lock out.
Hi Clifton,

To avoid this, just go to WAF configuration -> filter exceptions -> XSS tab and set the 'filter all tags' dropdown to No. This should solve the issue.

Regards,
Jose

1 week 5 days ago - 1 week 5 days ago #7336 by funnybugbees
Replied by funnybugbees on topic Edit Article Bug Causing lock out.
Won't this also basically turn off XSS script checking and not provide protection from XSS attacks? Also, there is no "Filter All Tags" drop down. There is a "Strip All Tags" drop down; is this what you meant?

Clifton Murphy - Owner
Funny Bug Bees And Wood Works
Last edit: 1 week 5 days ago by funnybugbees.

1 week 5 days ago #7337 by Jose
Replied by Jose on topic Edit Article Bug Causing lock out.

Won't this also basically turn off XSS script checking and not provide protection from XSS attacks?

No, there are many tags listed when you change the dropdown. Those tags are the ones most commonly used in attacks. When filtering all tags, we get false positives if, as in your case, some editors add other tags (the p tag, for instance).

Also, there is no "Filter All Tags" drop down. There is a "Strip All Tags" drop down; is this what you meant?

Yes, sorry. That is what I meant.

Regards,
Jose
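
An added example, not part of the thread and not the extension's own code, of the difference between flagging every tag and flagging only a listed set, as described in the reply above. `LISTED_TAGS` is an assumed list (the thread does not say which tags the product lists), and the article bodies are constructed samples.

```python
from html.parser import HTMLParser

# Assumption: tags often seen in XSS payloads. This is NOT the extension's
# real list; compare it with what the XSS tab shows once the dropdown is "No".
LISTED_TAGS = frozenset({"script", "iframe", "object", "embed", "applet", "svg"})


class _TagCollector(HTMLParser):
    """Collects the name of every opening tag in a submitted value."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        # Self-closing tags such as <br/> also arrive here by default.
        self.tags.append(tag)


def flagged_tags(value, all_tags, listed=LISTED_TAGS):
    """Return the tags that would trigger the filter in the chosen mode."""
    collector = _TagCollector()
    collector.feed(value)
    collector.close()
    found = set(collector.tags)
    return sorted(found if all_tags else found & listed)


# Constructed sample submissions (not taken from the poster's log).
PLAIN_ARTICLE = "<p>Our spring <strong>hive</strong> update.</p>"
VIDEO_ARTICLE = ('<p>Watch the build:</p><iframe '
                 'src="https://www.youtube.com/embed/VIDEO_ID" allowfullscreen></iframe>')
SCRIPT_VALUE = "<script>alert(1)</script>"

if __name__ == "__main__":
    for name, body in [("plain", PLAIN_ARTICLE), ("video", VIDEO_ARTICLE),
                       ("script", SCRIPT_VALUE)]:
        print(name, "all tags:", flagged_tags(body, True),
              "| listed only:", flagged_tags(body, False))
```

With this assumed list, ordinary editor markup stops triggering the filter and a script tag is still caught, but the embed is still flagged because `iframe` is in the list, so it is worth checking whether the product's list contains `iframe` before relying on the setting for video articles.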
