• Resolved joewnc

    (@joewnc)


    I am writing to follow up on the various reports issued/found in a few different threads regarding this plugin’s incompatibility with fairly essential rulesets in the standard Cloudflare WAF (seemingly most often noticed with the 403 response to the post to save). As I’m sure any network engineers with high traffic sites feel, disabling the security options necessary for this plugin to work is not a valid option and, as is, the plugin is unusable for any sites that require an at all significant security infrastructure.

    Is there an actual intention/effort to mitigate this issue on any specific timeline, or is it just going into a backlog as though it weren’t a fundamental problem?

    I am asking because I am the principal engineer for a national media network, and a lot of the journalists were excited to test the beta in our sandbox and have been anticipating it going live in production so they can use it. If there isn’t an existing timeline and intention to make this compatible with pretty basic WAF standards, we need to start working on an in-house solution, so I appreciate any straightforward information you can supply. Thank you.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Luckyna San

    (@luckynasan)

    @joewnc Hi there, thank you for posting this topic. We appreciate your feedback very much! Please note we are working towards a solution for the firewall issues reported and these efforts are currently tracked in this GitHub issue. We do have a development version of the plugin that includes the fix which will allow users to use templates and publish stories as expected when behind a WAF. Feel free to monitor the GitHub ticket above for the updates!

    Thread Starter joewnc

    (@joewnc)

    @luckynasan Thank you, this is exactly what I was hoping for.

    Plugin Support Luckyna San

    (@luckynasan)

    @joewnc There has been an update to the Web Stories plugin. In the new version 1.1.0 of the plugin we’ve included an experimental solution for this issue that allows you to keep using the plugin while still being fully protected by Cloudflare.

    The following are the steps to enable this experimental solution:

    1. Add `define( 'WEBSTORIES_DEV_MODE', true );` to your **wp-config.php** file
    (somewhere before the `/* That's all, stop editing! Happy publishing. */` line)
    2. In your WordPress admin, go to **Stories** -> **Experiments**
    3. Toggle the **WAF Compatibility** checkbox and save the changes.
    4. Create a new story!

    Please note the team is stabilizing this feature in time for our 1.2.0 release so these steps will not be necessary then.

    Thanks again for posting your topic!

  • The topic ‘Cloudflare WAF Resolution Timeline Question’ is closed to new replies.