Blocks legit page updates by logged in user (misread as SQL injection)
I had to deactivate the POST analysis as a user was blocked from editing pages. Ninja Firewall misreads them as SQL injection attempts.
This is the only user on that site (apart from me with admin account).
Some pages update fine, I couldn’t tell a difference to the blocked ones. Updating a page without any changes worked fine. The site is just articles (not even pictures, just text, pasted in from Word though). I wonder if it has something to do with the pages containing carriage return characters (maybe was pasted in from Word?)

26/Feb/14 17:37:39 #6960426 critical 214 ip removed POST /wp-admin/post.php - SQL injection (alter/create/drop) - [POST:content = <h1><b>The ........</b></h1>%0d%0a %0d%0a%0d%0aMmoving from the....
(notice the %0d and %0a)
Couldn’t find this behaviour mentioned on the support or forum pages yet.
I can run some more tests tomorrow when the author is taking a break from editing his articles.
PS Not a huge issue for me – mainly interested in the brute force attack mitigation and that works great. Amazing app! Thanks!
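
A triage helper for log lines like the one quoted in the post, added here as an example (it is not part of the original post and not NinjaFirewall code). It splits the line into fields, URL-decodes the logged value, and reports how many CR/LF pairs and which of the keywords named in the rule description (alter, create, drop) the value contains. The field layout is an assumption inferred from that single line, and the second sample line is constructed.

```python
import re
from urllib.parse import unquote

# Field layout is an assumption inferred from the one log line in the post:
# date time #incident level rule ip METHOD uri - reason - [SOURCE:param = value
LOG_RE = re.compile(
    r"(?P<date>\d{2}/\w{3}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"#(?P<incident>\d+) (?P<level>\w+) (?P<rule>\d+) (?P<ip>.+?) "
    r"(?P<method>[A-Z]+) (?P<uri>\S+) - (?P<reason>.+?) - "
    r"\[(?P<source>\w+):(?P<param>\w+) = (?P<value>.*)",
    re.S,
)
# Keywords taken from the rule description "SQL injection (alter/create/drop)".
DDL_WORDS = re.compile(r"\b(alter|create|drop)\b", re.I)

# The log line as quoted in the post (the value is truncated there with dots).
PAGE_LINE = (
    "26/Feb/14 17:37:39 #6960426 critical 214 ip removed POST "
    "/wp-admin/post.php - SQL injection (alter/create/drop) - "
    "[POST:content = <h1><b>The ........</b></h1>%0d%0a %0d%0a%0d%0a"
    "Mmoving from the...."
)
# Constructed sample: ordinary article prose that happens to use the keywords.
CONSTRUCTED_LINE = (
    "26/Feb/14 17:40:02 #1234567 critical 214 192.0.2.10 POST "
    "/wp-admin/post.php - SQL injection (alter/create/drop) - "
    "[POST:content = <p>We had to drop the old table and create a new one.</p>%0d%0a"
)


def triage(line):
    """Parse one log line and summarise what the logged value contains."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None  # not in the assumed layout
    rec = m.groupdict()
    text = unquote(rec["value"])  # %0d%0a becomes "\r\n"
    rec["crlf_count"] = text.count("\r\n")
    rec["ddl_words"] = sorted({w.lower() for w in DDL_WORDS.findall(text)})
    return rec


if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_LINE):
        rec = triage(sample)
        print(rec["rule"], rec["param"], rec["crlf_count"], rec["ddl_words"])
```

An empty keyword list on a truncated excerpt says nothing about the rest of the field, so the same check is worth running against the full content of a blocked page and of a page that saved fine.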