
503 Error - Being told I'm naughty

Open MatthewOgborne opened this issue 11 years ago • 3 comments

Hi,

Firstly amazing, this has stopped loads of issues I was having prior to moving to Varnish!

However I have one small challenge, the following url is being rejected as naughty / 503 error by one of the rules, it's below:

http://domain.co.uk/wp-admin/admin-ajax.php?callback=po_onsuccess&action=popover_selective_ajax&thefrom=http%3A%2F%2Fdomain.co.uk%2F&thereferrer=&active_popover=0&_=1366202946452

Any suggestions on how I can stop this url from being rejected and allow it to be passed through?

Many thanks,

Matt

MatthewOgborne • Apr 17 '13 13:04

You can check out the log or GET that url and check out the headers to see what rule blocks it.

comotion • Apr 18 '13 14:04

Howdy,

Ah ha, so logging for a few moments (varnishlog > log_me.txt) found this:

23 VCL_Log      c security.vcl alert xid:847051761 HTTP/1.1 [sql-1][IP ADDRESS] 

So that's rule 1 on the sql.vcl, line 13:

if (req.url ~ "(?i).+SELECT.+FROM") {

So it must be seeing this:

popover_selective_ajax&thefrom=

As the threat.

What would be the syntax to change the line to add an AND not containing "selective", would it be something like this?

if (req.url ~ "(?i).+SELECT.+FROM" && !req.url ~ "(?i).+SELECTIVE.+FROM") {

Matt

MatthewOgborne • Apr 18 '13 14:04

That rule isn't ideal, but your quick fix looks about right.

comotion • Apr 18 '13 14:04
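
Added example, not part of the thread or of the project's rules: a regression check that runs the sql-1 pattern, the quick fix, and a tightened pattern over the reported URL and three constructed URLs, showing that the `SELECTIVE` exclusion also silences the rule whenever the plugin's action name appears in the request. The tightened pattern (keywords not embedded in a longer word) is an assumption, and Python's `re` stands in for Varnish's PCRE.

```python
import re

# Patterns as they would appear on the right-hand side of `req.url ~ "..."`.
# VCL's ~ is an unanchored match, so re.search() is the equivalent here.
ORIGINAL = re.compile(r"(?i).+SELECT.+FROM")        # sql.vcl rule 1, quoted in the thread
EXCLUSION = re.compile(r"(?i).+SELECTIVE.+FROM")    # quick fix proposed in the thread
# Assumption (not the project's rule): neither keyword may be part of a longer word.
TIGHTENED = re.compile(
    r"(?i).+(?<![a-z])SELECT(?![a-z]).+(?<![a-z])FROM(?![a-z])")

# Path and query of the URL reported in the issue.
REPORTED = ("/wp-admin/admin-ajax.php?callback=po_onsuccess"
            "&action=popover_selective_ajax"
            "&thefrom=http%3A%2F%2Fdomain.co.uk%2F"
            "&thereferrer=&active_popover=0&_=1366202946452")
# Constructed samples (not from the thread).
SQL_PLUS = "/index.php?id=1+UNION+SELECT+name+FROM+users"
SQL_PCT = "/index.php?id=1%20UNION%20SELECT%20name%20FROM%20users"
MIXED = ("/wp-admin/admin-ajax.php?action=popover_selective_ajax"
         "&id=1+UNION+SELECT+name+FROM+users")


def original_rule(url):
    """True when the unmodified sql-1 rule would reject the request."""
    return bool(ORIGINAL.search(url))


def quick_fix(url):
    """Original rule AND NOT the SELECTIVE exclusion, as in the thread."""
    return bool(ORIGINAL.search(url)) and not EXCLUSION.search(url)


def tightened_rule(url):
    """Single pattern that ignores keywords embedded in longer words."""
    return bool(TIGHTENED.search(url))


def verdicts(url):
    """(original, quick fix, tightened) block decisions for one URL."""
    return original_rule(url), quick_fix(url), tightened_rule(url)


if __name__ == "__main__":
    for name in ("REPORTED", "SQL_PLUS", "SQL_PCT", "MIXED"):
        print(f"{name:9} original/quick/tightened = {verdicts(globals()[name])}")
```

The lookarounds test for letters rather than using `\b`, because the `0` of a `%20`-encoded space is a word character and would hide the boundary before `FROM`.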