PUT and DELETE restrictions

I am testing Oreo App (CodeCanyon item) on a******.com/a**** (multisite), but I’m getting PUT 403 errors on the browser console. Can you help me to fix this error?

  • Kris Tomczyk
    • Ex Staff

    Hi Haime

    I hope you are doing good today.

    I checked this page and I cannot see those errors in the browser console.
    Does Oreo App is disabled now on your site?
    Also, could you make a test and disable “Web Application Firewall” on our hosting on the Tools tab and see if that helps?

    Please let me know about the results.

    If this will not help please send the below data so I could take a closer look on this.
    Please send it through our secure contact form here https://vvpmudev.com/contact/#i-have-a-different-question and make sure that subject is “I have a different question” and:
    – Mark to my attention: ATTN: Kris Tomczyk

    – Site access:
    — login url
    — username
    — password

    – Link back to this thread

    Please don’t share any sensitive information (i.e credentials) in the Support Forum, it has public visibility and everyone will have access to it.

    Please confirm here in the thread that you have sent that message.

    Kind Regards,
    Kris

  • Haime
    • Flash Drive

    Hi Kris,

    disabling WAF did the trick! And that is very unfortunate :slight_frown: As this is an e-commerce multi-vendor marketplace I really want to have best of both worlds, the app working AND WAF enabled… Would it be as easy as whitelisting *.rnlab.io?

    regards,

    Haime

  • Aditya Shah
    • DevOps Team Lead

    Hi Haime

    Hope you are doing good. :slight_smile:

    It looks like the operation is injecting script on your site which is not allowed in our WAF.

    If it impacts operations on your site we recommend that you whitelist the rules from the Hub –> hosting –> Tools –> Web Application firewall –> disabled rule ids
    Here you can enter one rule per line looking at the Waf logs in Hub –> hosting –> logs –> WAF log
    you can get the details of the matched rule in the details part of the matched rules tab.

    NOTE: The WAF log will only be available when you enable the Web Application Firewall.

    In your case, the rule ID which is impacting is: “211650” as found here https://monosnap.com/file/La8ivJoTokiMrmZNEExo37ihWoKaQW please whitelist the rule as advised above in the tools tab -> WAF , or you can whitelist your IP in the WAF which may allow only you to do that operation. :slight_smile:

    Hope this helps you, please let us know if you need any further help. :slight_smile:

    Best Regards,
    Aditya Shah