Hi,
thanks for your question, and sorry for the trouble.
That’s strange. I don’t see why NF is blocking TablePress. It’s not using base64, but JSON-encoded content in its AJAX requests. For the import, it uses the regular WordPress file system API.
Maybe one of the NF developers can shed light on this.
Regards,
Tobias
Hi
Are you the administrator when you try to import the file? If you are, make sure you are whitelisted by the firewall; otherwise you may need to temporarily disable some rules/policies:
- DOCUMENT_ROOT variable: it can be disabled from the “Firewall Policies > Block the DOCUMENT_ROOT server variable in HTTP request”.
- BASE64-encoded injection: can you show me the corresponding firewall log line? I’m aware of a bug which could trigger a false alert on some very rare occasions, and that might be the issue. It was fixed in version 3.2.3, which should be released later this week.
Thread Starter
Castor
(@castoruk)
Hi
This is when a site editor is trying to use the plugin. I’m automatically whitelisted as an administrator so it works ok for me but I don’t manage site content.
I can disable the DOCUMENT_ROOT option, but what possible security issues would this create?
Here is the full line from the log:
30/Jun/16 14:34:20 #5387930 critical- #.#.#.# POST /wp-admin/admin-ajax.php – BASE64-encoded injection – [POST:tablepress = 10 10 DDESGPTable.csv DDESGPTable.csv 64 6 [[“GP Practice Name”,”Practice Manager Contact Details”,”Number of sessions”,”Traditional Career Start Scheme”,”Joint GP and Hospital Post”…]
The “DOCUMENT_ROOT” option helps to detect and block a lot of shell scripts and backdoors because most of them need it. But if you keep your site up to date and protected, you should be safe.
Another possibility is to whitelist the editors by IP (if they have a static IP), using the .htninja user configuration file.
Regarding the BASE64 issue, that looks like the bug I mentioned in my previous message.
Hi,
nice find! I hope that this helps to get things working again!
Best wishes,
Tobias
Thread Starter
Castor
(@castoruk)
Disabling the DOCUMENT_ROOT option, and whatever fix was introduced in ver 3.2.3, looks like it's sorted it.
Still may look into whitelisting the IP, but unfortunately we sit behind a quite large organisational proxy and our IP can vary widely.
Thanks again.
Hi,
very nice! Good to hear that this solved it! 🙂
Thanks for the update!
Best wishes,
Tobias