Hi @zhenhomework
Can you please try disabling one by one below features? It might be one of the firewall rules is making an issue.
1) Deny bad query string – WP Security > Firewall > PHP rules tab. – URI security – Deny bad query strings: uncheck the checkbox and save
2) Advanced char filter – WP Security > Firewall > PHP rules tab. – String filtering – Enable advanced character string filter: uncheck the checkbox and save
3) 5g firewall rules – WP Security > Firewall > 6G Blacklist firewall rules tab. Enable legacy 5G firewall protection uncheck the checkbox and save
4) 6g firewall rules – WP Security > Firewall > 6G Blacklist firewall rules tab. Enable 6G firewall rules – uncheck the checkbox and save
If still an issue. Please add the below constant in wp-config.php and check
define( 'AIOS_NO_FIREWALL', true);
Regards
Thank you for your reply.
I have tried the four options mentioned above, but the situation remains unchanged.
Additionally, I don’t have any experience editing the wp-config.php file. Could you advise me on what steps I should take next?
Hi @zhenhomework,
You can cross-check the below link for how to add that constant.
define( 'AIOS_NO_FIREWALL', true);
https://www.eukhost.com/kb/how-to-add-constants-to-your-wp-config-php-file/
Regards
Hello,
I had the same problem. I solve disabling “Forbid proxy comment posting” (https://prnt.sc/zv0LPPALbSmh) But neither I nor the people who tried to comment were using proxies, so I suggest verifying that this setting works. I hope this helps. Adding the constant
define( 'AIOS_NO_FIREWALL', true);
it’s not a real solution because it disables the all the firewall rules.
Regards
Hi @bdevitaly
Can you please contact the hosting provider and ask why any one of the below $_SERVER variables being passed which is considering from proxy server the comment being posted?
'HTTP_VIA',
'HTTP_FORWARDED',
'HTTP_USERAGENT_VIA',
'HTTP_X_FORWARDED_FOR',
'HTTP_X_FORWARDED_HOST',
'HTTP_PROXY_CONNECTION',
'HTTP_XPROXY_CONNECTION',
'HTTP_PC_REMOTE_ADDR',
'HTTP_CLIENT_IP',
Regards
@hjogiupdraftplus – I am the hosting provider for my sites, and I have the same issue as above. I do not understand your last comment though. can you elaborate please?
~Core
Hi @core
The issue was due to Forbid proxy comment posting rule.
classes\firewall\rule\rules\general\rule-proxy-comment-posting.php
As per the rule file above, if any of those $_SERVER variables are set considered proxy is being used to comment posting and it is blocked and shows 403 forbidden response.
Could you please cross-check and determine if any of the variables below are set? If so, do you think it should not be considered posted from a proxy?
//Headers that are present if a proxy is being used
$headers = array(
'HTTP_VIA',
'HTTP_FORWARDED',
'HTTP_USERAGENT_VIA',
'HTTP_X_FORWARDED_FOR',
'HTTP_X_FORWARDED_HOST',
'HTTP_PROXY_CONNECTION',
'HTTP_XPROXY_CONNECTION',
'HTTP_PC_REMOTE_ADDR',
'HTTP_CLIENT_IP',
);
foreach ($headers as $header) {
if (!empty($_SERVER[$header])) return Rule::SATISFIED;
}
