Firewall blocking saving of code snippets + suggestion

  • Imagew1zad

    (@w1zad)


    1 year, 5 months ago

    Hello,

    if you are using nginx free firewall with default rules.. then it blocks saving of codesnippets because the plugin is sending the codesnippet as readable text in the request to the server

    Suggestion:
    You should not send readable code in the request. Instead use base64 to encode the snippet before sending it.. and decode when needed

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter Imagew1zad

    (@w1zad)

    1 year, 5 months ago

    Image

    What to encode

    Plugin Author ImageShea Bunge

    (@bungeshea)

    1 year, 5 months ago

    Hi @w1zad,

    Thank you for your suggestion – unfortunately, the use of base64 encoding in plugins is pretty heavily frowned upon, and would likely cause code snippets to be picked up as a false positive by many security plugins and software.

    I definitely agree we need a better solution to getting around these security rules preventing snippets from saving properly, but unfortunately I don’t think base64 is a viable solution.

    Thread Starter Imagew1zad

    (@w1zad)

    1 year, 5 months ago

    Well.. the issue now is that its picked up as false positive by security software.

    Then you perhaps can send it in a binary format

    Thread Starter Imagew1zad

    (@w1zad)

    1 year, 5 months ago

    Or.. you can web encode it. That what is WordPress is doing and it does not get false positive in the firewall

    Plugin Author ImageShea Bunge

    (@bungeshea)

    1 year, 4 months ago

    Oh interesting, web encoding could indeed be a good solution. It’s definitely something we will need to investigate further.

    ImageSamir Rifai

    (@srifaia)

    11 months ago

    After installing Sucuri Firewall I can no longer edito or create codes.

    I tried to allow the following url to sucuri firewall:

    wp-admin/admin.php?page=edit-snippet

    But the firewall won’t accept ‘?’ or ‘=’ characters.

    What is the url I should whitelist?

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Firewall blocking saving of code snippets + suggestion’ is closed to new replies.