Support

Search results for ""

Sorry, no results found. Perhaps you would like to search the documentation?
All Topics
Andreu Llos

Change filters to use POST instead of GET

Hi,
We have a website hosted in AWS where we can make Admin Columns PRO to get working because of a security issue. This is what the service provider says:

It has been detected that a security rule is invalidating that request.

https://docs.aws.amazon.com/es_es/waf/latest/developerguide/aws-managed-rule-groups-use-case.html Specifically, it is the SQLi_QUERYARGUMENTS rule:

It uses the built-in AWS WAFSQL Injection Attack Rule Statement function, with the sensitivity level set to Low, to inspect the values of all query parameters for patterns that match malicious SQL code.

Rule Action:Block

Tag:awswaf:managed:aws:sql-database:SQLi_QueryArguments

These rules cannot be deactivated by security policy of our environments.

Do you know if there’s anything we can do like changing the way the filters work somehow?

Thanks

6 months, 2 weeks ago
Stefan
Developer

Is it correct that you only have this issue when you’re using our Smart Filtering feature? This feature sends a JSON string to the URL which some providers might see insecure. I’m not really sure what triggers this issue on AWS though and it is not possible to change the request to POST because everything on the table in WordPress works with a GET request. Can you maybe check when you only use the filter dropdowns if everything works as expected?

6 months, 2 weeks ago

You must be logged in to reply to this topic.