I have a few wordpress sites on a server behind my Astaro, and I have been having trouble connecting certain clients to them that use the XML-RPC remote publishing protocol. The IPS system was resetting the connection, citing the "WEB-PHP xmlrpc.php post attempt" as the intrusion (rule 3827). How/Why is that an intrusion? I rewrote the rule to only alert, but if it is a legitimate risk, I would rather be able to just put in an exception for one server. Is there an easy way I can view the contents of this rule?
This thread was automatically locked due to age.
