Request cannot be processsed

  • Resolved rockstaremperor

    (@rockstaremperor)


    2 years, 4 months ago

    Hi,

    I installed Ninja Firewall few days back. Today, I was editing the settings of Litespeed cache plugin and when I saved changes, I got the following error:

    Sorry 193.203.202.215, your request cannot be processed.
For security reasons, it was blocked and logged.

NinjaFirewall

If you believe this was an error please contact the
webmaster and enclose the following incident ID:

[ #5698676 ]

    And one more thing, when I checked above ip at https://ipinfo.io/, it shows to a different country from where I am.

    So I used a VPN but still got the same error with different ip as below

    Sorry 102.129.254.77, your request cannot be processed.
For security reasons, it was blocked and logged.

NinjaFirewall

If you believe this was an error please contact the
webmaster and enclose the following incident ID:

[ #6875268 ]

    The VPN ip I am using is “185.202.221.49” whereas the error above shows the ip as “102.129.254.77”.

    Below is the Firewall log

    #5698676  HIGH       540  193.203.202.215  POST /wp-admin/admin.php - Localhost IP in GET/POST request - [POST:object-host = localhost] - www.------.com
#6875268  HIGH       540  102.129.254.77   POST /wp-admin/admin.php - Localhost IP in GET/POST request - [POST:object-host = localhost] - www.------.com

    Please help.

Viewing 11 replies - 1 through 11 (of 11 total)
  • Thread Starter rockstaremperor

    (@rockstaremperor)

    Well, ip problem is solved now after configuring a setting in Litespeed server. But I cannot still add header/footer script nor modify cache plugin settings in WordPress dashboard. Each time, I am getting the above error.

    Plugin Author nintechnet

    (@nintechnet)

    Go to the “Firewall Policies” page, click the “Intermediate Policies” tab, scroll down to “Block localhost IP in GET/POST request” and disable it.

    Thread Starter rockstaremperor

    (@rockstaremperor)

    Thanks, it solved the cache plugin configuration. However, when editing Header/Footer scripts, I am getting the same error above. Now how do I solve this one?

    Is there any easy preset for non-technical person to just install Ninja and does not have to face any above or other errors? Before Ninja, I was using Wordfence and I never faced any such errors.

    Plugin Author nintechnet

    (@nintechnet)

    It is very unusual to be blocked by that firewall policy. In most cases, the default configuration works well.

    If you are the admin, you are whitelisted by the firewall by default.

    Thread Starter rockstaremperor

    (@rockstaremperor)

    I am the admin and I have set default settings in Ninja. I just tried again to edit Footer but still got the same block error. Following is logged in Ninja:

    22/Nov/22 01:41:57  #1648678  INFO         -     POST /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://www.workmoneyfun.com/wp-admin/customize.php?return=%2Fwp-admin%2Fplugins.php%3Fplugin_status%3Dall%26paged%3D1%26s] - www.workmoneyfun.com
22/Nov/22 01:42:20  #6935309  CRITICAL   115     POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com
22/Nov/22 01:42:33  #2696762  CRITICAL   115     POST /wp-admin/admin-ajax.php - Cross-site scripting - [POST:customize_changeset_data = {"genesis-settings[footer_text]":{"value":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"...] - www.workmoneyfun.com
22/Nov/22 01:42:45  #5295015  CRITICAL   115     POST /wp-admin/admin-ajax.php - Cross-site scripting - [POST:customize_changeset_data = {"genesis-settings[footer_text]":{"value":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"...] - www.workmoneyfun.com

    Site’s htaccess has following codes for security:

    # Protect wp-config.php
<Files wp-config.php>
	Order Allow,Deny
	Deny from all
</Files>

</IfModule>
<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>

<IfModule LiteSpeed>
Options All -Indexes
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header append X-FRAME-OPTIONS "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Xss-Protection "1; mode=block"
Header set Content-Security-Policy "upgrade-insecure-requests"
Header set Referrer-Policy "same-origin"
Header always set Permissions-Policy "geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);"
Header set X-Permitted-Cross-Domain-Policies "none"
ForceSecureCookie httponly secure same_site_none
ServerSignature Off
ServerTokens Prod
Header always unset "X-Powered-By"
Header unset "X-Powered-By"
</IfModule>

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
	order deny,allow
	deny from all
</Files>

    Ninja Firewall dashboard displays as:

    Firewall Dashboard
Firewall	Enabled
Mode	NinjaFirewall is running in Full WAF mode.

Edition	WP Edition ~ Need more security? Explore our supercharged premium version: NinjaFirewall (WP+ Edition)
Version	4.5.4 ~ Security rules: 2022-11-21.2
PHP SAPI	LITESPEED ~ 8.1.12
Admin user	username : You are whitelisted by the firewall.
User session	It seems that the user session set by NinjaFirewall was not found by the firewall script.
Help & configuration	Securing WordPress with NinjaFirewall (WP Edition)
    Plugin Author nintechnet

    (@nintechnet)

    That’s not normal: if you’re the admin, whatever you do is whitelisted.
    Maybe you have another plugin or theme that destroys the firewall’s PHP session.
    You can try to debug it by following that post: https://blog.nintechnet.com/ninjafirewall-php-sessions-debugging/

    Thread Starter rockstaremperor

    (@rockstaremperor)

    I was using Wordfence earlier and have completely uninstalled it few days back. Just now I uninstalled Ninja too and reinstalled Ninja. Then following the article above, I added administrator user in wp-config and got green NF in WordPress dashboard admin bar. After this, tried again to edit Footer script but again same error. And here is the log:

    22/Nov/22 07:50:16  #2159749  CRITICAL   115     POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com
22/Nov/22 07:50:22  #6348150  CRITICAL   115     POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com
    Plugin Author nintechnet

    (@nintechnet)

    Can you scan the wp-content/plugins and wp-content/themes folders for session_start in all PHP files? I would like to see if you have another plugin/theme that makes use of PHP session.

    Thread Starter rockstaremperor

    (@rockstaremperor)

    Here is the list.

    View post on imgur.com

    I disabled other security plugins and tried but still same error.

    #2340300  CRITICAL   115  POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com
#3866804  CRITICAL   115  POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com
#3942896  CRITICAL   115  POST /wp-admin/admin-ajax.php - Cross-site scripting - [POST:customize_changeset_data = {"genesis-settings[footer_text]":{"value":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"...] - www.workmoneyfun.com
    Plugin Author nintechnet

    (@nintechnet)

    You’d need to use the panel search feature to scan those files for the session_start string.

    Thread Starter rockstaremperor

    (@rockstaremperor)

    Scanning displayed only 1 result for session_start string on Home only – https://imgur.com/a/cKKdUdI

    I just did a thorough search in database and deleted all Wordfence leftovers and a few other old leftover entries from other plugins there and now the problem is solved, and I can edit the scripts.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Request cannot be processsed’ is closed to new replies.

Tags