Complianz blocked by all-in-one

  • Resolved nesoor

    (@nesoor)


    4 years, 8 months ago

    Hello WordPress memebers,

    I use the amazing plugin called Complianz | GDPR/CCPA Cookie Consent which makes my website GDPR-proof however All In One WP Security & Firewall is blocking it.

    The following rule is blocking apparently a script of Complianz: Advanced Character String Filter.
    How can I exclude the script so that I can enable “Advanced Character String Filter” and use the “Complianz” plugin ?

Viewing 15 replies - 1 through 15 (of 20 total)
  • Thread Starter nesoor

    (@nesoor)

    This is the script that is being blocked, how can I exclude this?
    https://www.domain.nl/wp-content/plugins/complianz-gdpr/assets/js/cookieconfig.min.js?ver=4.3.1

    • This reply was modified 4 years, 8 months ago by nesoor.
    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, can you disable all Firewall rules. Then carry out a test. If the plugin is not blocked then you know it is one of the Firewall rules causing this issue. If that is the case, start enabling one by one the Firewall rules and at the same time you enable one rule carry out a test. Carry out this task until you find out which Firewall rule feature is causing this conflict.

    Let me know how you go.

    Thank you

    Thread Starter nesoor

    (@nesoor)

    Hey @mbrsolution
    The problem is caused by the following firewall option: Advanced Character String Filter
    I already tested it ?? When disabled the plugin works.

    Hi @nesoor @mbrsolution,

    It is caused by the XSS rules. If we can do something at our end, let me know!

    regards Aert | Complianz

    Thread Starter nesoor

    (@nesoor)

    Hey @mbrsolution
    Did you have the time to look into my issue ?
    I can send you the login details if you like ??

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    The problem is caused by the following firewall option: Advanced Character String Filter
    I already tested it ?? When disabled the plugin works.

    For now you will have to disable this feature. This is out of our control as per the comment shared by @aahulsebos. Perhaps Aert Hulsebos can look into making some changes to the XSS rule.

    Kind regards

    Hi @mbrsolution,

    We didn’t create XSS rule, the following happens:

    complianz-gdpr/assets/js/cookieconfig.min.js will be returned with a 403 when XSS rules are enabled in All-in-one WP Security, the question is how the exclude this with All-in-One WP Security. Preferable without asking users to rewrite .htaccess.

    It would be great if this URL and complianz-gdpr-premium/assets/js/cookieconfig.min.js could be whitelisted, if possible.

    regards Aert

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Thank you for reporting back. I have submitted a message to the developers to investigate this issue further.

    Thank you

    Thread Starter nesoor

    (@nesoor)

    Hey @mbrsolution and @aahulsebos
    Thanks for the quick replies! I look forward to when the two plugins are compatible with each other. Both are very good and important plugins.

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi @nesoor and @aahulsebos
    The firewall rules are broken up into a few separate features because not all sites will be compatible with each rule due to the diverse variations of each site’s plugins and functionality.

    The main thing to remember is that out of all the rules, the 6G rules are the best one-size-fits-all rule at the moment.
    Therefore to prevent the behaviour you are seeing, you have a couple of choices available:
    1) If the 6G rules are compatible with your site, enable that feature and disable the advanced character string rules

    Or

    2) Copy the advanced characters string rules from your .htaccess files and then disable those rules and customize them via the “custom rules” tab by removing the string which is causing the 403.

    Thread Starter nesoor

    (@nesoor)

    Hey @wpsolutions
    What is the difference between the 6G rules and the advanced character string rules ?
    Am I less protected when I only enable 6G rules and disable the advanced character string rules ?

    Thread Starter nesoor

    (@nesoor)

    Hey @wpsolutions
    I didn’t hear back from you, did you overlooked my message ?

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi @nesoor
    Sorry for the delayed response.

    Am I less protected when I only enable 6G rules and disable the advanced character string rules ?

    No you are not necessarily less protected. The 6G rules should be the best overall protection out of all the rules currently available in this plugin.
    The 6G rules contain directives to mitigate a number of very commonly used malicious strings and access techniques by bots and other bad visitors to your site.

    Hi,

    I have the same problem here.

    I have submit a post on Complianz forum and I am supposed to add an exception into .htaccess to exclude Complianz script

    Someone would be ok to help me writing the correct rule or any hint?

    I know it could be a bit tricky but I have an ftp access + a backup of my .htaccess if needed.

    regards

    Thread Starter nesoor

    (@nesoor)

    Hey @nenesse
    I ended up disabling the advanced character string rules.
    It would be indeed much better if there was a compatibility which the Complianz.io team is willing to give, but both sides need to agree.

Viewing 15 replies - 1 through 15 (of 20 total)
  • The topic ‘Complianz blocked by all-in-one’ is closed to new replies.