Troubleshooting Ninjafirewalls Issues with Bricksbuilder Editor

  • Resolved Jason

    (@jason6666h)


    1 year ago

    Hi, when Ninjafirewalls is enabled, pages edited with the Bricksbuilder editor cannot be saved. (WAF mode)

    However, disabling Ninjafirewalls allows for normal page editing and saving.

    Could you assist in identifying the specific rule that’s leading to this issue?

    Thanks.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nintechnet

    (@nintechnet)

    As soon as you are blocked, go to “NinjaFirewall > Logs”, copy the line that shows the blocked request (likely the last line in the log) and paste it here.

    Thread Starter Jason

    (@jason6666h)

    Thanks for your reply, the log is as follows:

    06/Nov/23 10:14:17? #3208169? CRITICAL?? 115? 172.68.118.99??? POST /index.php – Cross-site scripting – [RAW:POST = {“nonce”:”9e772a2ea2″,”postId”:”9″,”action”:”bricks_render_element”,”element”:{“id”:”xntumk”,”name”:”code”,”parent”:”nlkegs”,”children”:[],”settings”:{“code”:”<?php\nwp_enqueue_script(‘bric…] – u-lohas.life

    06/Nov/23 10:14:18? #6889754? CRITICAL?? 115? 172.68.118.99??? POST /wp-admin/admin-ajax.php – Cross-site scripting – [POST:element = xntumk code nlkegs <?php%0awp_enqueue_script(‘bricks-swiper’);%0awp_enqueue_style(‘bricks-swiper’);%0a?>%0a%0a<script>%0a? window.addEventListener(‘load’, (event) => {%0a??? const blog30 = new Swiper…] – u-lohas.life

    06/Nov/23 10:14:29? #1491656? CRITICAL?? 115? 172.68.118.98??? POST /wp-admin/admin-ajax.php – Cross-site scripting – [POST:content = [{“id”:”svblbv”,”name”:”section”,”parent”:0,”children”:[“wrtbze”],”settings”:{“_padding”:{“top”:”0″,”bottom”:”0″,”right”:”0″,”left”:”0″},”_width”:”100%”}},{“id”:”xbylss”,”name”:”section…] – u-lohas.life

    Plugin Author nintechnet

    (@nintechnet)

    The log shows that some <script>xxxx</script> JavaScript code is inserted in the post content.
    You would need to disable rule “115” from the “NinjaFirewall > Security Rules > Rules Editor” page.

    Thread Starter Jason

    (@jason6666h)

    Thanks, do I need to worry about compromising security by removing security rules?

    Plugin Author nintechnet

    (@nintechnet)

    If you are the admin, you shouldn’t be blocked or need to disable any rules.
    If you’re an editor (or any other roles), you cannot whitelist your role in the free version of NinjaFirewall. But you could whitelist all logged-in users, assuming you don’t allow user registration and you are the only authenticated person. If that’s not the case, you don’t have any other choices: you need to disable the corresponding rule and that will always slightly lower your security level. But the firewall still has a lot of rules and security features left to protect you.

    Thread Starter Jason

    (@jason6666h)

    Thank you for your reply. I confirmed that I am an administrator, but I was not excluded from the whitelist, causing the editing Brick builder to trigger the blocking rule.
    I use openlitespeed+WAF mode and there are no other settings. Are there any other settings that may affect the whitelist function?

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Troubleshooting Ninjafirewalls Issues with Bricksbuilder Editor’ is closed to new replies.