WAF mod_security XSS Prevents WordPress Posts

I noticed that if the cross site scripting for WAF is enabled, it prevents users from being able to make posts on WordPress, saying that it's "forbidden".

I also see a lot of legitimate traffic from our corporate office to the site being blocked by the SQL Injection rule, for things like "wp-check-locked-posts".

I don't want to completely disable these rules, as I feel that the protection they provide is needed. However, I need the sites to function properly. I'm sure I could modify the rules manually, but would assume any updates to the UTM would revert those changes, and could have other negative impacts.

Does anyone know of a way to resolve this without disabling the rules or modifying them manually?


This thread was automatically locked due to age.
  • I added the following Filter IDs to the "Skip Filter Rules". No idea if there's a better way to get a clone of the Basic Protection Profile to work with WordPress, but the site is now working with these in place. Also, I unchecked Signed Cookies.

    950901
    960024
    973300
    973306
    973316
    973332
    973338
    981172
    981173
    981176
    981200
    981203
    981204
    981245
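
As an added example (not from the thread or from Sophos): a short Python script that tallies which of the skipped rule IDs actually fire, and on which URIs, so the skip list can be checked against real traffic and trimmed to what is needed. The sample log lines are constructed and assume the standard ModSecurity 2.x `[id "..."]` and `[uri "..."]` error-log fields; the UTM's own log layout may differ.

```python
import re
from collections import Counter, defaultdict

# Rule IDs the answer above added to "Skip Filter Rules".
SKIPPED = {950901, 960024, 973300, 973306, 973316, 973332, 973338,
           981172, 981173, 981176, 981200, 981203, 981204, 981245}

# Matches bracketed key/value fields such as [id "981173"] or [uri "/x"].
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

# Constructed sample lines (assumed ModSecurity 2.x error-log style).
# Rule ID 999999 is a placeholder for a rule that is not on the skip list.
SAMPLE_LOG = """\
[error] [client 10.0.0.5] ModSecurity: Warning. [id "981173"] [msg "constructed"] [uri "/wp-admin/post.php"]
[error] [client 10.0.0.5] ModSecurity: Warning. [id "973338"] [msg "constructed"] [uri "/wp-admin/post.php"]
[error] [client 10.0.0.7] ModSecurity: Warning. [id "981173"] [msg "constructed"] [uri "/wp-admin/admin-ajax.php"]
[error] [client 203.0.113.9] ModSecurity: Warning. [id "999999"] [msg "constructed"] [uri "/index.php"]
[notice] [client 10.0.0.5] unrelated proxy message
"""

def parse_line(line):
    """Return (rule_id, uri) for a ModSecurity line, or None."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    if "id" not in fields or "uri" not in fields:
        return None
    return int(fields["id"]), fields["uri"]

def tally(log_text):
    """Count hits per rule ID, broken down by URI."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            rule_id, uri = parsed
            hits[rule_id][uri] += 1
    return hits

def review(log_text, skipped=SKIPPED):
    """Compare observed rule hits against the skip list."""
    hits = tally(log_text)
    fired = {rid: dict(uris) for rid, uris in hits.items() if rid in skipped}
    never_fired = sorted(skipped - set(hits))   # skipped but not seen in the log
    not_skipped = sorted(set(hits) - skipped)   # still firing, not on the list
    return fired, never_fired, not_skipped

if __name__ == "__main__":
    for part in review(SAMPLE_LOG):
        print(part)
```

Skipped IDs that never appear in a representative log sample are candidates for re-enabling.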