Wednesday, 28 July, 2021

Install a Free SSL Certificate with Really Simple...

Forum | Really Simple SSL

GoDaddy Securi IDS locking out users when content security policy on

Categories

Recent Replies

Recent Topics

This topic has 1 reply, 2 voices, and was last updated 6 months, 2 weeks ago by Rogier.

Viewing 2 posts - 1 through 2 (of 2 total)

Author

Posts
January 13, 2021 at 4:28 pm #533754

David Sutherland
Participant

FYI I was getting intrusion detection system (IDS) lockouts for users (including myself) from GoDaddy’s Securi when I had turned on the content security policy

The IDS log was showing excessive hits to this URL: ‘ /wp-json/rsssl/v1/csp?rsssl_apitoken=1609280xxx (changed to xxx)

When I commented out the code as mentioned in the support post below the site stopped blocking me!
# Begin Really_Simple_SSL_CSP_Report_Only

Mentioned here:
https://really-simple-ssl.com/forums/topic/speed-issue-404-code/

January 14, 2021 at 8:23 am #534132

Rogier
Keymaster

Hi David,

Thanks for reporting your issue.

What you experienced is caused by the reporting feature of the CSP. When enabled, this can cause a heavy load on the server. When enforcing is enabled, this stops.

We are releasing a new version in one or two weeks where reporting is paused when 20 reports have been submitted through the api. The user can then analyse the blocked resources, and allow or deny them.
Author

Posts

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Subscribe