This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XSS Filtering Wordpress

I am having some difficulty with the WAF preventing access to /xmlrpc.php for my wordpress sites.

I have the WAF Rules set to have XSS filtering enabled along with an exception for /xmlrpc.php in the exceptions tab but WAF still denies access to /xmlrpc.php.

If I remove XSS filtering from the site profile /xmlrpc.php works just fine.

What am I missing?

This thread was automatically locked due to age.

0 BarryG over 10 years ago

Hi,

1. UTM version # please?

2. Does anything show up in the WAF log as blocked?

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 NW-Loki over 10 years ago

UTM Version #: 9.107-33
WAF Log Entry: 2014:01:31-01:36:17 portal reverseproxy: srcip="" localip="" size="212" user="-" host="" method="POST" statuscode="403" reason="waf" extra="Anomaly Score Exceeded (score 20): Possible XSS Attack Detected - HTML Tag Handler" time="326023" url="/xmlrpc.php" server="" referer="-" cookie="-" set-cookie="-"
Cancel
Vote Up 0 Vote Down

Cancel