You can use this document to troubleshoot potential issues when you first sync the StackPath WAF with your CMS.
In some cases, administrative sections of a CMS-based website may be blocked. For example, for WordPress, the WAF may label a change made to the /wp-admin section of a CMS-based site as malicious behavior, such as a Cross Site Scripting or SQL injection. As a result, the WAF will block the changes.
Step 1: Whitelist your static IP address
- In the StackPath Control Portal, in the left-side navigation menu, click Sites.
- Locate and select the desired site. This action will refresh the portal.
- In the left-side navigation menu, click Firewall.
- For Allowed IPs, click Add IP/IP Range.
- In the entry that appears, enter your IP address so that all traffic from your IP address will be allowed (whitelisted) and will not be blocked by the WAF for any type of request.
Step 2: Enable automatic logged-in admin users whitelist rule
WAF features a specific rule that detects when a user is logged-in to a supported CMS and automatically whitelists the user's session.
- In the left-side navigation menu, click WAF.
- Under CMS Protection, locate your CMS for admin logged-in users, and then slide On.
- If you do not see your CMS, please contact Support.
- With this action, when an admin user logs into the site, their CMS session will be whitelisted.