I was doing some testing this afternoon, and the WAF was blocking the trigger I was creating. and I couldn’t do anything about it after checking with the security logs in Cloudflare (Cloudflare Dashboard → Security → Events) ; there where none I then checked the Gridpane WAF Logs for the domain and it was that
Really easy to fix following this documentation, and below is what I did for my future reference
- SFTP FileZilla to the following location: /var/www/yourwebsite-address/nginx
- If not already create a ip-whitelist-7g-context.conf
- Add the code below to that file, change the IP Address, or add one in the format detailed if already there
- Putty in and type nginx -t in the command prompt
- If there are no errors, type gp ngx reload and your rule should now be working.
# Documentation: https://gridpane.com/kb/using-the-7g-web-application-firewall/
# This unblocs XXX Site +
# Format "(1.1.1.1|XX.XX.XX.XX|XX.XX.XX.XX)
if ($remote_addr ~* "(1.1.1.1)") {
set $7g_drop_bad_request 0;
set $7g_drop_bad_referer 0;
set $7g_drop_bad_query_string 0;
set $7g_drop_not_allowed_method 0;
set $7g_drop_bad_bot 0;
}Note: This is on a site-by-site basis ( See modification below for server-wide)
- Change Location to /etc/nginx/extra.d/
- If not already created create ipwhitelists-7g-context.conf
- The rest of the steps are the same
