Topic: Visits (Referrals) from WeChat app are blocked by Elxis Defender (Read 3812 times)
seadhna (Hero Member, Posts: 507), on: September 06, 2023, 17:45:27
Hi there,
if users share links to any Elxis website in the Chinese "everything app" WeChat, the visitor is unable to visit the website and receives an error message. This has started happening just in the past few weeks.
Sample security log:
2023-09-06 14:27:39 GMT [IP ADDRESS REMOVED FROM THIS FORUM TOPIC]
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 NetType/WIFI MicroMessenger/7.0.20.1781(0x6700143B) WindowsWechat(0x63090621) XWEB/8379 Flue
REFERER: https://weixin110.qq.com/
GET /video-challenge/gallery.html
REFCODE: DEFG-0002 Request blocked, Method: AGENT, Rule: (0x67, Reason: Unacceptable character
This happens on all Elxis websites tested. The only known fix is to turn off Elxis Defender.
Sample Email report:
Elxis Defender blocked an attack to your site!
Reference code: SEC-DEFG-0002
Elxis Defender report
Rules: general
Match where: AGENT
Regex match number: 3
Match rule: (0x67
Reason: Unacceptable character
Requested URI: /video-challenge/2023.html
IP address: REMOVED FROM THIS MESSAGE
Hostname: REMOVED FROM THIS MESSAGE
HTTP Referrer: https://weixin110.qq.com/
User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 NetType/WIFI MicroMessenger/7.0.20.1781(0x6700143B) WindowsWechat(0x63090621) XWEB/8379 Flue
Date (UTC): 2023-09-06 14:27:16
Site URL: REMOVED FROM THIS MESSAGE
This is only happening in the WeChat app, which also works as a browser. If users copy the link to a different browser, there is no error. However, normally users will click directly on links inside the app.
Does anyone have any idea why this might be happening?
The URL in the address bar does not appear to have any unacceptable characters - it looks normal.
seadhna (Hero Member, Posts: 507), Reply #1 on: September 06, 2023, 17:55:58
It seems like Elxis Defender does not like this part of the User Agent? (0x67
webgift (Elxis Team, Hero Member, Posts: 4193), Reply #2 on: September 09, 2023, 06:50:06
Hello,
this is a really unacceptable character indeed.
Disabling Elxis Defender at all is not a suggested option.
I believe that it's not even a great idea to disable the rule triggered on Elxis Defender. I would report that to the WeChat technical team to exclude that kind of character from URLs inside their app.
datahell (Elxis Team, Hero Member, Posts: 10356), Reply #3 on: September 10, 2023, 21:28:54
You can disable this specific filter. Open this file:
includes/libraries/elxis/defender/general.rules.php
And comment the third rule:
//array('URI,QUERY,POST,AGENT', '[^a-z0-9]0x[0-9a-f][0-9a-f]', 'Unacceptable character'),
Alternatively, you can keep this line but only remove the AGENT part:
array('URI,QUERY,POST', '[^a-z0-9]0x[0-9a-f][0-9a-f]', 'Unacceptable character'),
Note that after an update your changes will be lost. So, alternatively you can do this:
Copy all "general" filters in "custom" filters file. On custom.rules.php comment the third line as before.
Go to Elxis settings and in Defender disable general filters and enable custom filters.
Now Elxis Defender works as before but without the 3rd rule, or with the AGENT removed. Also after an update your changes will be preserved.
Note on Elxis Defender error code
Reference code: SEC-DEFG-0002
SEC: Security, reason for the alert
DEFG: Source, Defender General filters
0002: Rule number 3 (the rules are 0 indexed. The first rule is 0, the second 1, the third 2, etc)
« Last Edit: September 10, 2023, 21:33:42 by datahell »
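To check the effect of the rule change discussed in the replies above before editing a live site, the following added example (not Elxis code and not written by any poster in this thread) applies the third general rule, with and without AGENT in its scope, to the user agent from the log and to a constructed request. The `#` delimiter, the `i` flag, the function names `check_rule` and `refcode`, and the second request are assumptions.

```php
<?php
// Added example, not Elxis code. The rule arrays use the format quoted from
// general.rules.php; how Defender compiles and runs them is an assumption.

// Third general rule as quoted in the thread, and the variant without AGENT.
$stock   = array('URI,QUERY,POST,AGENT', '[^a-z0-9]0x[0-9a-f][0-9a-f]', 'Unacceptable character');
$relaxed = array('URI,QUERY,POST', '[^a-z0-9]0x[0-9a-f][0-9a-f]', 'Unacceptable character');

// Return array(field, matched text, reason) for the first hit, or null.
function check_rule(array $rule, array $request) {
    list($scope, $pattern, $reason) = $rule;
    foreach (explode(',', $scope) as $field) {
        $value = isset($request[$field]) ? $request[$field] : '';
        // Assumption: '#' as delimiter and case-insensitive matching.
        if (preg_match('#' . $pattern . '#i', $value, $m)) {
            return array($field, $m[0], $reason);
        }
    }
    return null;
}

// Zero-based rule index to the code format seen in the log (third rule => DEFG-0002).
function refcode($index) {
    return sprintf('DEFG-%04d', $index);
}

$wechat = array(
    'URI'   => '/video-challenge/gallery.html',
    'QUERY' => '',
    'POST'  => '',
    // User agent copied from the security log in the first post.
    'AGENT' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 NetType/WIFI MicroMessenger/7.0.20.1781(0x6700143B) WindowsWechat(0x63090621) XWEB/8379 Flue',
);
// Constructed request: ordinary browser agent, 0x-prefixed hex value in the query string.
$hexquery = array('URI' => '/index.php', 'QUERY' => 'id=1&v=0x41', 'POST' => '', 'AGENT' => 'Mozilla/5.0 (X11; Linux x86_64)');

foreach (array('stock' => $stock, 'relaxed' => $relaxed) as $name => $rule) {
    foreach (array('wechat' => $wechat, 'hexquery' => $hexquery) as $label => $req) {
        $hit = check_rule($rule, $req);
        // Index 2 is the third rule, as explained in the note on the reference code.
        printf("%-8s %-9s %s\n", $name, $label,
            $hit ? refcode(2) . ' ' . $hit[0] . ' ' . $hit[1] : 'pass');
    }
}
```

With the stock rule the WeChat request is reported on AGENT with the matched text `(0x67`; with AGENT removed it passes, while the constructed query string is still caught by both variants.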
seadhna (Hero Member, Posts: 507), Reply #4 on: September 13, 2023, 11:55:11
Thanks! We'll reach out to the WeChat folks and hopefully they can fix this on their end for a more permanent long-term solution.