grigb

This is the only mention of this devastating, show-stopping issue I could find.

Not sure what John (above) discovered, but my logs suggested that saving the “Additional CSS” looks like a SQL injection attack to the firewall on my DreamHost VPS.

By turning off the “highly recommended” Web Application Firewall in Dreamhost, the problem was “fixed”.

[Tue May 21 14:20:17.339665 2024] [:error] [pid 462816:tid 140412454508096] [remote REDACTED] [client REDACTED] ModSecurity: Warning. detected SQLi using libinjection with fingerprint ‘f(n)’ [file “/etc/modsecurity/mod_sec3_CRS/REQUEST-942-APPLICATION-ATTACK-SQLI.conf”] [line “65”] [id “942100”] [msg “SQL Injection Attack Detected via libinjection”] [data “Matched Data: f(n) found within ARGS:styles.typography.fontFamily: var(–wp–preset–font-family–inter)”] [severity “CRITICAL”] [ver “OWASP_CRS/3.3.2”] [tag “application-multi”] [tag “language-multi”] [tag “platform-multi”] [tag “attack-sqli”] [tag “paranoia-level/1”] [tag “OWASP_CRS”] [tag “capec/1000/152/248/66”] [tag “PCI/6.5.2”] [hostname “REDACTED”] [uri “/wp-json/wp/v2/global-styles/14”] [unique_id “ZkytoZXBKDcLaggRPyFIvABOi5A”], referer: https://REDACTED/wp-admin/site-editor.php?postType=wp_template&postId=twentytwentyfour%2F%2Fhome&canvas=edit

• This reply was modified 2 years ago by grigb.