Change filters to use POST instead of GET
Hi,
We have a website hosted in AWS where we can make Admin Columns PRO to get working because of a security issue. This is what the service provider says:
It has been detected that a security rule is invalidating that request.
https://docs.aws.amazon.com/es_es/waf/latest/developerguide/aws-managed-rule-groups-use-case.html Specifically, it is the SQLi_QUERYARGUMENTS rule:
It uses the built-in AWS WAFSQL Injection Attack Rule Statement function, with the sensitivity level set to Low, to inspect the values of all query parameters for patterns that match malicious SQL code.
Rule Action:Block
Tag:awswaf:managed:aws:sql-database:SQLi_QueryArguments
These rules cannot be deactivated by security policy of our environments.
Do you know if there’s anything we can do like changing the way the filters work somehow?
Thanks
Is it correct that you only have this issue when you’re using our Smart Filtering feature? This feature sends a JSON string to the URL which some providers might see insecure. I’m not really sure what triggers this issue on AWS though and it is not possible to change the request to POST because everything on the table in WordPress works with a GET request. Can you maybe check when you only use the filter dropdowns if everything works as expected?
You must be logged in to reply to this topic.