Ivory Search › Forums › Support › AJAX Search blocked by Sucuri Firewall
- This topic has 2 replies, 2 voices, and was last updated 1 year, 7 months ago by Ivory Search.
You must be logged in to create new topic or reply to the topic. Click To Login
- AuthorPosts
- May 24, 2023 at 10:37 PM #16321
I am reaching out to seek assistance regarding a compatibility issue with the Ivory Search plugin and the Sucuri Firewall service.
I have noticed that the AJAX search functionality of the Ivory Search plugin is being blocked by the Sucuri Firewall. I’ve reached out to Sucuri’s support team and they’ve provided me with the following details:
- URL:
XSS040 GET 403 /wp-admin/admin-ajax.php?action=jet_ajax_search&nonce=69c1f17932&data%5Bsearch_source%5D%5B%5D=finding_aid&data%5Bsearch_taxonomy%5D=&data%5Binclude_terms_ids%5D=&data%5Bexclude_terms_ids%5D=&data%5Bexclude_posts_ids%5D=&data%5Bcustom_fields_source%5D=&data%5Blimit_query%5D=5&data%5Blimit_query_tablet%5D=&data%5Blimit_query_mobile%5D=&data%5Blimit_query_in_result_area%5D=25&data%5Bresults_order_by%5D=relevance&data%5Bresults_order%5D=asc&data%5Bsentence%5D=&data%5Bsearch_in_taxonomy%5D=&data%5Bsearch_in_taxonomy_source%5D=&data%5Bresults_area_width_by%5D=form&data%5Bresults_area_custom_width%5D=&data%5Bresults_area_custom_position%5D=&data%5Bthumbnail_visible%5D=yes&data%5Bthumbnail_size%5D=thumbnail&data%5Bthumbnail_placeholder%5D%5Burl%5D=https%3A%2F%2Fwww.southpeacearchives.org%2Fwp-content%2Fplugins%2Felementor%2Fassets%2Fimages%2Fplaceholder.png&data%5Bthumbnail_placeholder%5D%5Bid%5D=&data%5Bthumbnail_placeholder%5D%5Bsize%5D=&data%5Bpost_content_source%5D=content&data%5Bpost_content_custom_field_key%5D=&data%5Bpost_content_length%5D=30&data%5Bshow_product_price%5D=&data%5Bshow_product_rating%5D=&data%5Bshow_result_new_tab%5D=&data%5Bhighlight_searched_text%5D=&data%5Bsymbols_for_start_searching%5D=2&data%5Bbullet_pagination%5D=&data%5Bnumber_pagination%5D=&data%5Bnavigation_arrows%5D=in_header&data%5Bnavigation_arrows_type%5D=angle&data%5Bshow_title_related_meta%5D=&data%5Bmeta_title_related_position%5D=&data%5Btitle_related_meta%5D=&data%5Bshow_content_related_meta%5D=&data%5Bmeta_content_related_position%5D=&data%5Bcontent_related_meta%5D=&data%5Bnegative_search%5D=Sorry%2C%20but%20nothing%20matched%20your%20search%20terms.&data%5Bserver_error%5D=Sorry%2C%20but%20we%20cannot%20handle%20your%20search%20query%20now.%20Please%2C%20try%20again%20later!&data%5Bvalue%5D=vader&data%5BdeviceMode%5D=tablet&_=1683834612842
- The special encoding characters are triggering the firewall XSS rules.
- The blocks are occurring on the admin URL and the firewall will not allow the phrase ‘admin’ in the allowlist/whitelist
as it will defeat the purpose of a firewall.
If I upgrade to one of your premium versions of the plugin, will it resolve this issue? Are you able to change anything to prevent the AJAX search from being blocked by the firewall XSS rules? If it wasn’t running from the admin-ajax.php I would be able to whitelist it.
- URL:
- May 24, 2023 at 10:50 PM #16322
Apologies – Please delete as this question is for a different search plugin – I mixed them up prior to submitting.
- May 25, 2023 at 3:43 PM #16339
Not an issue at all.
You are always welcome here 🙂
- AuthorPosts
You must be logged in to create new topic or reply to the topic. Click To Login