Cloudflare
Cloudflare

We’re using WP Media Folder. Suddenly we were seeing this message:

"The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. Suggested maximum size is 2,560 pixels."

But the images were small in both size and dimensions. It wasn’t that.

When we checked the Chrome dev tools console we saw this message:

Access to XMLHttpRequest at 'https://ans3bucket.s3.eu-west-2.amazonaws.com/wp-content/uploads/sites/2/someimage.jpg' from origin 'https://www.somewebsite.com'
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Which started a minor scrabble to review our CORS settings on the bucket but then I had another thought: Cloudflare.

We’d had endless problems with Cloudflare since we started using it with countless things being stopped and blocked.

Sure enough hidden away in the CF event log was this at the time of the error:

Matched service - Export event JSON
Service - Managed rules
Action taken - Managed Challenge
Ruleset - Cloudflare OWASP Core Ruleset
Rule - 949110: Inbound Anomaly Score Exceeded
OWASP score - 65

So we went and added a custom rule in Cloudflare (Security/WAF/Custom Rules/Create Rule):

(http.request.uri.path contains "/wp-admin/async-upload.php")
Action = Skip Managed rules.

And image upload started working again!

So the image size message and the CORS error were red herrings!

I’m not sure if this is the best/more secure solution, I’d be happy to hear another.

Note: whitelisting IPs would also work, but we have users with dynamic IPs so that isn’t a fix for us.

Last modified: June 11, 2024

Author

Comments

Write a Reply or Comment

Your email address will not be published.