Hi Tahasin,
I’m not sure how Download Manager is uploading files, but it is absolutely the OWASP core WAF rules that were causing the issues we encountered. We use Cloudflare, but I would assume any WAF with the OWASP core ruleset would see the uploads as a threat and block the transfer. I don’t need assistance per se, leaving this for others that may encounter the same thing. If it can be addressed so these rules can be re-enabled, that would be great, but not a showstopper for us.
The rules that are triggered by download manager trying to upload are:
“[\”3500d96add324dcbbc0a93b2bd22c723\”,\”a882bfdf91b3440b83020de61d8cf992\”,\”753c98e3a15f4a389ea0b196c91b7247\”,\”c4926d96b87647329947ec2ccbc01671\”,\”a2e88d6e0e604f05b9e660567fbedd30\”,\”be337f9e5266487a8e67c008d732161b\”,\”f2db062052cf453fbe9e93f058ecf7e7\”,\”6afe6795ee6a48d6a1dfe59255395a78\”,\”cda7fcb45e304a589567d2021821e480\”,\”293e73c033b34a2290481c4718a93bb2\”,\”5a6f5a57cde8428ab0668ce17cdec0c8\”,\”d12ad6d1bc0c42b3affe0cee682bb405\”]
If these are marked as skip when /wp-admin/admin-ajax.php is the target, the uploads work.
