Halo is a popular open-source content management and blogging platform. Some users have reported issues where Halo’s built-in security rules block certain upload or editing actions—especially when working with script files or technical documentation that requires PUT/POST requests to Halo’s APIs.
This article explains what’s happening, why it occurs, and how to configure SafeLine WAF rules to allow these actions while keeping your system secure.
What’s the Issue?
When uploading script files to Halo’s resource library or editing technical documents, Halo makes API calls like PUT and POST to endpoints such as:
-
apis/content.halo.run -
apis/api.console.halo.run
Some web application firewalls (like SafeLine) or reverse proxies may interpret these actions as suspicious and block them, causing upload failures or editing errors.
Why It Happens
By default, many WAF rule sets are designed to block potentially dangerous operations like file uploads or script modifications. While this is good for security, it can cause false positives when legitimate admins are working with content that requires those same actions.
How to Fix It (SafeLine WAF Example)
If you’re using SafeLine WAF, you can create a whitelist rule to allow these specific API calls. For example:
Whitelist actions:
- Allow PUT requests to
apis/content.halo.run - Allow POST requests to
apis/content.halo.run - Allow PUT requests to
apis/api.console.halo.run - Allow POST requests to
apis/api.console.halo.run
This ensures your Halo workflows continue without interruptions while other security protections remain active.
Note: Always test these changes in a non-production environment first to ensure no unexpected security gaps are introduced.
Rule Library Snapshot
- Whitelist rules: 1
- Blacklist rules: 0
- SafeLine version: 7.3.0 and above
Join the SafeLine Community
If you continue to experience issues, feel free to contact SafeLine support for further assistance.
Top comments (0)