By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Access denied due to firewall policy violation

0

I'm trying to save some settings of plugins on my WordPress site, but I'm getting an undefined message from all of them. On the network, I can see that the error message says, "Access denied due to a firewall policy violation." What could be the cause of this issue?

Topics
Security, Identity, & ComplianceCompute
Tags
Security, Identity, & ComplianceAWS Elastic BeanstalkAWS Firewall ManagerIAM Policies
Language
English
assaft
asked 6 months ago1338 views
2 Answers
0

The error message "Access denied due to firewall policy violation" typically indicates that a security system in place is blocking the request made from your WordPress site. This could be due to a variety of reasons:

  1. Web Application Firewall (WAF) Rules: If you're using AWS, you might have AWS WAF or another firewall service in front of your site. It could be that the WAF rules are configured to block certain types of requests that it deems potentially harmful or that match patterns of known security threats.

  2. Plugin Security Settings: Some WordPress security plugins can act as a firewall and might be blocking requests that are mistaken for malicious activity.

  3. Server Firewall Settings: Your server might have firewall rules outside of AWS WAF that are blocking the request.

  4. Content Delivery Network (CDN): If you're using a CDN like AWS CloudFront in conjunction with WAF, the CDN might also have rules that can block requests.

Here's what you can do to troubleshoot and resolve the issue:

  1. Check WAF Rules:

    • Log in to the AWS Management Console.
    • Go to the AWS WAF & Shield service.
    • Review the rules that are in place for the web ACL that's associated with your resource.
    • Look for any rules that might be blocking POST requests or any rules with conditions that might match the normal operations of your WordPress plugins.
    • Temporarily disable the rule that you suspect is causing the block to confirm if it is the source of the problem.

  2. Review Security Plugins:

    • Deactivate your security plugins one by one to see if the issue persists. This can help you identify if a plugin is causing the problem.

  3. Server Firewall:

    • Access your server through SSH.
    • Review the server's firewall settings (like iptables or ufw on Linux).
    • Look for any rules that might be relevant to the blocked requests.

  4. CDN Settings:

    • If using CloudFront, check for any custom behaviors that might be blocking your requests.

  5. Logs:

    • Check the WAF logs to see details about the blocked requests.
    • WordPress and server error logs may also give you more information about the block.

  6. AWS Support:

    • If you're unable to identify the rule causing the issue, you might want to reach out to AWS Support for assistance.

  7. Documentation and Resources:

    • AWS WAF Documentation: AWS WAF Documentation
    • WordPress Plugin Conflicts: The WordPress Codex and support forums can be helpful resources for troubleshooting plugin issues.

Remember to make changes cautiously, document any changes you make, and ensure that you're not inadvertently reducing the security of your site while attempting to fix the issue.

profile pictureAWS
Obijan
answered 6 months ago
0

Thank you for the comprehensive response!

The perplexing aspect is the absence of rules in WAF, the firewall, or the CDN. Additionally, there are no protective plugins integrated with WordPress at the moment.

assaft
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content