Shield Firewall block: Firewall terminated the request because it triggered a firewall rule

The firewall component of the Shield Security plugin is an Application Level Firewall. This means it only acts, and can only act, at the WordPress level.

It's designed to analyse data sent to your WordPress site and block any requests that appear to be malicious.

We don’t write to the core .htaccess files on principle, so we don’t affect how Apache handles web requests. Instead, we examine the data in these requests and then allow or block WordPress from loading depending on the rules you have chosen.

Shield analyses the information contained within the GET and POST data sent to your site. This is explained in more detail here.

When it detects something that it doesn’t like – it’ll kill that web request and prevent WordPress from loading any further. In this way, it prevents WordPress from receiving/using malicious data that’s been sent to it to for the purpose of causing trouble.

Example

When the Shield firewall has been triggered, and you have firewall block response message set to "Die With Message", you'll see the following block message:

It can happen that you, as a site owner or your site visitors get blocked by the firewall. To stop this block, follow the below steps...

Step 1: Go to your Activity Log

Review your Activity Log and find the firewall block entry. It'll tell you what exact firewall rule has been triggered, and the offending parameter. 

In this example

  • firewall rule (option) triggered is Directory Traversals
  • the offending/request parameter is "test-beta-17x"

Step 2: Whitelist the offending parameter, or turn off the firewall rule (option)

So, to stop this firewall block, you always have 2 options

  1. Whitelist the parameter; or
  2. disable the firewall rule (option).

The parameter to whitelist is 

*, test-beta-17x

(* (asterisks) refers to all pages)

You can whitelist it manually by going to the Firewall module > Whitelist > Whitelist Parameters:

Note: You may also want to read How to interpret Firewall entries in the Activity Log and whitelist parameters (examples).

If this doesn't work, or you simply don't want to whitelist the parameter, you'll need to turn off the offending firewall rule (option). In this example, it's Directory Traversals:

You are locked out as the result of firewall. What should you do?

In this case, follow these steps:

  1. Go to your FTP for this site and create a "forceoff" file. To do this, follow the steps outlined in this guide here.

    This will keep Shield active, allowing you to get back in and change plugin settings.

  2. Log into your site
  3. Go to the Manage IPs section and remove your IP from the blacklist.
  4. Go to your Activity Log Viewer to find the firewall block (explained above)
  5. Whitelist the parameter, or turn off the firewall offending rule (option) (explained above)
  6. Remove a "forceoff" file

Note: This is not a recommended option, but if you want to ensure that administrators are never affected (blocked) by the firewall, you can enable Ignore Administrators option:

To learn more about the Shield's Firewall module, read this article here