Location Edit / Save Throws 403 Error
Customer: teivin_*

Reproduction

  • Login as super admin
  • Switch to user teivin_*
  • Go to Location Details on sidebar menu (URL: <base_url>/<username>/wp-admin/admin.php?page=slp_manage_locations)
  • Edit the first location on the list (brings up Edit Location form)
  • Save

On production and staging it generates a 403 Forbidden error.
On local development it runs properly.
This is likely a firewall issue not a code issue.

Research

With this working on the development servers, and no complaints until after invoking the AWS firewall (WAF) on production, it looks like an IT/firewall issue, not a code issue.

Disassociated the WAF rules from the production & staging servers until we can fine-tune these.

Staging Rules:

Analyzing staging traffic during edit location window:

  • AWSManagedRulesCommonRuleSet
    • SizeRestrictions_BODY
    • UserAgent_BadBots_HEADER

Production Rules

Resolution

In the AWS WAF rule set…

In AWSManagedRulesCommonRuleSet, change SizeRestrictions_BODY to be COUNT.
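
The traffic analysis above, and a check that the COUNT override took effect, can be scripted against the WAF logs. The following is an added example, not code from the original notes. It assumes one JSON record per line in the AWS WAF log layout (`ruleGroupList`, `terminatingRule`, `nonTerminatingMatchingRules`, `httpRequest`); the records and the `example_user` path are constructed sample data.

```python
import json
from collections import Counter

# Constructed sample records (not real traffic); the last line is deliberately truncated.
SAMPLE_LOG = """\
{"action":"BLOCK","terminatingRuleId":"AWS-AWSManagedRulesCommonRuleSet","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":{"ruleId":"SizeRestrictions_BODY","action":"BLOCK"},"nonTerminatingMatchingRules":[]}],"httpRequest":{"httpMethod":"POST","uri":"/example_user/wp-admin/admin.php","args":"page=slp_manage_locations"}}
{"action":"BLOCK","terminatingRuleId":"AWS-AWSManagedRulesCommonRuleSet","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":{"ruleId":"UserAgent_BadBots_HEADER","action":"BLOCK"},"nonTerminatingMatchingRules":[]}],"httpRequest":{"httpMethod":"GET","uri":"/example_user/wp-admin/admin.php","args":"page=slp_manage_locations"}}
{"action":"ALLOW","terminatingRuleId":"Default_Action","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[{"ruleId":"SizeRestrictions_BODY","action":"COUNT"}]}],"httpRequest":{"httpMethod":"POST","uri":"/example_user/wp-admin/admin.php","args":"page=slp_manage_locations"}}
{"action":"BLOCK","terminatingRuleId":"AWS-AWSManagedRulesCommonRuleSet","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":{"ruleId":"NoUserAgent_HEADER","action":"BLOCK"},"nonTerminatingMatchingRules":[]}],"httpRequest":{"httpMethod":"POST","uri":"/xmlrpc.php","args":""}}
{"action":"ALLOW","terminatingRuleId":"Default_Action","ruleGroupList":[],"httpRequest":{"httpMethod":"GET","uri":"/example_user/","args":""}}

{"action":"BLOCK","httpReq
"""


def tally_rule_hits(log_text, uri_suffix="/wp-admin/admin.php"):
    """Count (rule group, rule, action) matches for requests whose URI ends with uri_suffix.

    BLOCK entries show which sub-rule produced the 403; COUNT entries show a
    sub-rule that still matches after being overridden to COUNT.
    """
    hits = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not rec.get("httpRequest", {}).get("uri", "").endswith(uri_suffix):
            continue
        for group in rec.get("ruleGroupList") or []:
            matched = list(group.get("nonTerminatingMatchingRules") or [])
            if group.get("terminatingRule"):
                matched.append(group["terminatingRule"])
            for rule in matched:
                hits[(group["ruleGroupId"], rule["ruleId"], rule["action"])] += 1
    return hits


if __name__ == "__main__":
    for (group, rule, action), n in sorted(tally_rule_hits(SAMPLE_LOG).items()):
        print(f"{n:3d}  {action:5s}  {group} / {rule}")
```

A sub-rule that appears with BLOCK before the change and only with COUNT afterwards confirms the override is active while still recording how often the rule would have fired.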
