Modsecurity server was blocking javascript from uploads folder


This topic contains 3 replies, has 2 voices, and was last updated by Ernest Marcinko 2 months, 2 weeks ago.

  • #40146
    Rosa
    Participant

    Hi, my server was blocking execution of the Ajax plugin's JavaScript; in fact, ModSecurity (cPanel) was blocking the operation, as JavaScript is being executed from the uploads folder. For security reasons this type of activity is prevented; in fact, uploading files to this folder is possible for all users of the site, not only the administrators, and sometimes, through some plugins, even for visitors without access data. For this reason, uploading code to the uploads folder is one of the most frequent attack vectors on WordPress sites. The files in this folder should consist only of images, attachments, documents or anything you want to make available for download from your site, but not PHP or JavaScript code.
    Allowing such files to be run/uploaded in WordPress puts the site's integrity at risk and exposes it to DoS attacks, data theft, phishing, spam, and more.

    Is there a way not to load this kind of file from that folder?
    Thank you very much.
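
An added example, not part of the original thread or the plugin's code: a Python audit of an uploads tree against the policy described in the post above, flagging files with PHP or JavaScript extensions. It goes beyond the post by also flagging a PHP open tag inside files that carry another extension; the extension list, the sample file names and the `plugin-assets` folder are assumptions constructed for the demo.

```python
import os
import tempfile

# Assumption: extensions treated as code; adjust to the site's own policy.
CODE_EXTENSIONS = {".php", ".phtml", ".phar", ".js", ".mjs"}

def audit_uploads(root, sniff_bytes=4096):
    """Return sorted (relative_path, reason) pairs for files that look like code."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            # Check every dot-separated part so "report.php.txt" is also caught.
            parts = {"." + p.lower() for p in name.split(".")[1:]}
            hit = parts & CODE_EXTENSIONS
            if hit:
                findings.append((rel, "code extension " + sorted(hit)[0]))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sniff_bytes)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if b"<?php" in head.lower():
                findings.append((rel, "PHP open tag in content"))
    return sorted(findings)

# Constructed sample data standing in for wp-content/uploads (hypothetical names).
SAMPLES = {
    "2024/01/photo.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes",
    "plugin-assets/aggregated.js": b"console.log('constructed');",
    "2024/02/avatar.png": b"\x89PNG constructed <?php echo 1; ?>",
    "2024/02/report.php.txt": b"constructed text",
}

def run_demo():
    """Write SAMPLES into a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in SAMPLES.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_uploads(root)

if __name__ == "__main__":
    print("\n".join(f"{p}: {why}" for p, why in run_demo()))
```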

    #40148
    Ernest Marcinko
    Keymaster

    Hi,

    I think you actually have a case here. Generally, a JavaScript file should not be an issue, being a client-side feature; however, I didn't think of Node.js or other server-side JavaScript engines. In this case this is luckily not a risk of any kind: the files are only static JavaScript, an aggregation of the actual plugin script files.

    I am pushing for a bugfix release later today. I am testing a possible fix for this that moves everything to the wp-content/cache/ folder, which could be the best place for the generated and aggregated assets.

    I am attaching a beta test release of 4.21.1 to this post. Can you please install and check if it works for you?

    Best,
    Ernest Marcinko

    If you like my products, don't forget to rate them on codecanyon :)


    #40157
    Rosa
    Participant

    Hi dear, the beta seems to work properly. I reinstalled ModSecurity and you can check it at this link: https://www.rossorubino.tv/guida-vini/
    Let me know of any updates.

    #40158
    Ernest Marcinko
    Keymaster

    Perfect! Thank you very much for the feedback, the official update will be ready soon.

    Best,
    Ernest Marcinko
