Shield Firewall block: Firewall terminated the request because it triggered a firewall rule

The Firewall Zone component of the Shield Security plugin is an Application Level Firewall. This means it only acts, and can only act, at the WordPress level.

It's designed to analyse data sent to your WordPress site and block any requests that appear to be malicious.

We don’t write to the core .htaccess files on principle, so we don’t affect how Apache handles web requests. Instead, we examine the data in these requests and then allow or block WordPress from loading depending on the rules you have chosen.

Shield analyses the information contained within the GET and POST data sent to your site. This is explained in more detail here.

When it detects something that it doesn’t like, it’ll kill that web request and prevent WordPress from loading any further. In this way, it prevents WordPress from receiving or using malicious data that’s been sent to it for the purpose of causing trouble.

Example

When the Shield firewall has been triggered, you'll get this block message:

It can happen that you, as the site owner, or your site visitors get blocked by the firewall. To stop this block, follow the steps below.

Step #1: Go to your WP Activity Log

Review your WP Activity Log and find the firewall block entry. It'll tell you exactly which firewall rule has been triggered, and the offending parameter.

In this example:

  • the firewall rule (option) triggered is Directory Traversals
  • the offending request parameter is "test-beta-19x"

Step #2: Whitelist the offending parameter, or turn off the firewall rule (option)

So, to stop this firewall block, you always have 2 options:

  1. Whitelist the parameter; or
  2. Disable the firewall rule (option).

To do this, you may go to the Security Zones main menu > Firewall > click "Zone Actions" - Configure All Related Firewall Options > Request Firewall tab.

The parameter to whitelist is:

*, test-beta-19x

(The asterisk * refers to all pages.)

You can whitelist it manually using the Whitelist Parameters option field.

If this doesn't work, or you simply don't want to whitelist the parameter, you'll need to turn off the offending firewall rule (option). In this example, it's Directory Traversals. (see the screenshot below)

Note: You may also want to read How to interpret Firewall entries in the Activity Log and whitelist parameters (examples).
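The sketch below is an added example, not Shield's own code: a simplified model of how an application-level filter can inspect GET/POST parameters and how a whitelist entry such as `*, test-beta-19x` exempts one parameter. The traversal pattern, the function names, the sample request and the page name `admin.php` are assumptions made for illustration.

```php
<?php
// Added illustration, not Shield's code. The traversal pattern and the
// "page, param[, param...]" whitelist parsing are assumptions of this model.

/** Parse whitelist lines such as "*, test-beta-19x" into [page => [params]]. */
function parse_whitelist(string $text): array {
    $rules = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $parts = array_values(array_filter(array_map('trim', explode(',', $line)), 'strlen'));
        if (count($parts) < 2) {
            continue; // need a page (or *) plus at least one parameter
        }
        $page = array_shift($parts);
        $rules[$page] = array_merge($rules[$page] ?? [], $parts);
    }
    return $rules;
}

/** True when the parameter is whitelisted for this page or for all pages (*). */
function is_whitelisted(array $rules, string $page, string $param): bool {
    return in_array($param, $rules[$page] ?? [], true)
        || in_array($param, $rules['*'] ?? [], true);
}

/** Return the first rule hit as [rule, param], or null when the request is clean. */
function inspect_request(array $params, string $page, array $rules): ?array {
    // Assumed signature: ".." followed by a slash or backslash, raw or URL-encoded.
    $traversal = '#(\.\.|%2e%2e)(/|\\\\|%2f|%5c)#i';
    foreach ($params as $name => $value) {
        if (is_whitelisted($rules, $page, (string) $name)) {
            continue; // whitelisted parameters are not inspected at all
        }
        $values = is_array($value) ? $value : [$value];
        $hit = false;
        array_walk_recursive($values, function ($v) use (&$hit, $traversal) {
            $hit = $hit || (is_string($v) && preg_match($traversal, $v) === 1);
        });
        if ($hit) {
            return ['rule' => 'Directory Traversals', 'param' => (string) $name];
        }
    }
    return null;
}

// Constructed sample: GET data in which a legitimate parameter carries a relative path.
$get = ['page' => 'reports', 'test-beta-19x' => '../exports/summary.csv'];
$page = 'admin.php'; // hypothetical page name

var_dump(inspect_request($get, $page, [])); // no whitelist configured
var_dump(inspect_request($get, $page, parse_whitelist('*, test-beta-19x')));
```

In this model a whitelisted parameter is skipped by the check entirely, so an entry scoped to a single page leaves less traffic uninspected than one that uses `*`.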

You are locked out as a result of the firewall. What should you do?

In this case, follow these steps:

  1. Go to your FTP for this site and create a "forceoff" file by following the steps outlined in this guide here.

    This will keep Shield active, allowing you to get back in and change plugin settings.

  2. Log into your site
  3. Go to the Bots & IP Rules section and remove your IP from the blacklist.
  4. Go to your WP Activity Log Viewer to find the firewall block (explained above)
  5. Whitelist the parameter, or turn off the offending firewall rule (option) (explained above)
  6. Remove the "forceoff" file

To learn more about Shield's Firewall Zone, read this article here.