Ninja Firewall LOG Question

ARAKZ · October 20, 2021, 8:18am

Hey Guys,

maybe someone can help me, i have following log from the ninja firewall:

19/Oct/21 14:19:17 #5263456 CRITICAL 115 2a02:908:430:7c40:c959:2e2c:d002:cc6c POST /wp-admin/admin-ajax.php - Cross-site scripting - [POST:globalSettings = {“postTypes”:[“page”],“builderAutosaveDisabled”:true,“builderMode”:“dark”,“builderLocale”:“site-default”,“builderToolbarLogoLink”:“current”,“customCss”:"html {\r\n\toverflow-x: h…] - www.hfp

Can someone explain me what this means?
EDIT: The Site is not online, just a coming soon page and wp login…
Greetings

Andre

barnez · October 20, 2021, 10:59am

Hi,
The “115” after CRITICAL refers to the security rule that was triggered. If you go to NinjaFirewall >>> Security Rules >> Rules Editor in the WordPress dashboard, you can select and disable rule 115 (Cross-Site Scripting). As this looks like a false positive, and the plugin author of NinjaFirewall is keen to develop the security rules, it would be a goood idea to post that entry from the Firewall log over at the WordPress.org support forum, and mention that this rule was triggered in relation to the Bricks Builder. I’m pretty sure that the author would like to ensure full compatibility with Bricks - note that I am using the two plugins on a site without any issues:

Note that from the Help tab on the Log page you can find details of how to understand the log entry: