• Resolved marxgal

    (@marxgal)


    My website’s search puts a string like

    sitename.com/?s="Larry+Correia"

    I was getting 403 forbidden warnings on the above term, and tracked it down to

    RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]

    It was blocked because Correia has “or” in the word. That rule gets added to the .htaccess file. I can fix it by putting a \b at the start and end so it has to match exactly, but if the plugin updates, will this be lost? Is this something that could be added permanently in a future update? It seems a little aggressive this way, and I don’t want people getting 403d just from a search.

    Working example:

    RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*\b(union|select|insert|drop|update|md5|benchmark|or|and|if)\b [NC,OR]

    • This topic was modified 1 year ago by marxgal.
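
Added example (not part of the original posts or the plugin's code): the two patterns from the first post run against constructed raw query strings, with Python's `re` and `IGNORECASE` standing in for Apache's regex engine and the `[NC]` flag. It shows that `\b` clears the substring false positive, while quoted or apostrophe searches containing a whole-word `or`/`and`/`if` still match.

```python
import re

# The keyword group and the two patterns exactly as posted in the thread.
KEYWORDS = r"(union|select|insert|drop|update|md5|benchmark|or|and|if)"
RULE_5G = re.compile(r"(\;|'|\"|%22).*" + KEYWORDS, re.IGNORECASE)
RULE_BOUNDED = re.compile(r"(\;|'|\"|%22).*\b" + KEYWORDS + r"\b", re.IGNORECASE)

# Constructed sample query strings, written raw (not URL-decoded), which is
# how mod_rewrite sees %{QUERY_STRING}.
SAMPLES = [
    "s=%22Larry+Correia%22",   # quoted search from the post ("or" inside a word)
    "s=Larry+Correia",         # same search without quotes
    "s=%22Tom+and+Jerry%22",   # quoted search with a whole-word "and"
    "s=O'Brien+and+Sons",      # apostrophe in a name, then a whole-word "and"
    "id=1'+union+select+1",    # the kind of string the rule is meant to catch
]


def blocked(rule, query_string):
    """True if the RewriteCond pattern matches anywhere in the query string."""
    return rule.search(query_string) is not None


def compare(samples=SAMPLES):
    """Map each query string to (blocked_by_5g, blocked_by_bounded)."""
    return {q: (blocked(RULE_5G, q), blocked(RULE_BOUNDED, q)) for q in samples}


if __name__ == "__main__":
    for query, (orig, bounded) in compare().items():
        verdict_5g = "403" if orig else "ok"
        verdict_b = "403" if bounded else "ok"
        print(f"{query:26} 5G={verdict_5g:4} with \\b={verdict_b}")
```
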
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @marxgal

    Thanks for identifying this issue.

    5G rules in the htaccess file are implemented as per PerishablePress.

    I will create an internal ticket for this, but you can disable 5G rules and use 6G rules as those are advanced.

    As right now 7G rules are the latest and even 8G beta rules are out, I am seeing less chance of implementing changes to 5G rules.

    Regards

    Thread Starter marxgal

    (@marxgal)

    Aha, I thought I was supposed to have both on since there was a switch for both. All good, that sorted it out as well. Thanks!

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @marxgal,

    Glad to know things are sorted out.

    Would you mind writing a quick five-star review on www.ads-software.com?

    https://www.ads-software.com/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post

    Reviews also help others to make confident decisions about our plugin.

  • The topic ‘5/6G Firewall preventing search terms’ is closed to new replies.