Automation from Make.com with module Ghost Search Member is challenged by WAF

Questions
1

:bullseye: What is your goal?

Search existing members in Ghost based on a Watch members webhook and perform further actions.

:thinking: What is the problem & what have you tried?

My automation uses Ghost Watch Members webhook to fire on events. From there I use Ghost Search Member. Everything worked before on the Search Member but today I receive a response that the call used in this module is challenged by WAF. Sometimes it is working properly and sometimes it gets challenged. ( Most of the time )

:clipboard: Error messages or input/output bundles

I installed the make chrome extension to debug and I saw this as error:

[

    "Invalid item in module output",

    "<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n    <meta\n      http-equiv=\"Content-Security-Policy\"\n      content=\"default-src 'self'; img-src 'self' data:; media-src 'self' data:; object-src 'none'; style-src 'self' 'sha256-o4vzfmmUENEg4chMjjRP9EuW9ucGnGIGVdbl8d0SHQQ='; script-src 'self' 'sha256-KXex2o39zxtnzVWK4H5rW07g2+BlwSPtn+aguzsWkNg=';\"\n    />\n    <link\n      href=\"/_fs-ch-1T1wmsGaOgGaSxcX/assets/inter-var.woff2\"\n      rel=\"preload\"\n      as=\"font\"\n      type=\"font/woff2\"\n      crossorigin\n    />\n    <link href=\"/_fs-ch-1T1wmsGaOgGaSxcX/assets/styles.css\" rel=\"stylesheet\" />\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n    <title>Client Challenge</title>\n    <style>\n      #loading-error {\n        font-size: 16px;\n        font-family: 'Inter', sans-serif;\n        margin-top: 10px;\n        margin-left: 10px;\n        display: none;\n      }\n    </style>\n  </head>\n  <body>\n    <noscript>\n      <div class=\"noscript-container\">\n        <div class=\"noscript-content\">\n          <img\n            src=\"/_fs-ch-1T1wmsGaOgGaSxcX/assets/errorIcon.svg\"\n            alt=\"\"\n            role=\"presentation\"\n            class=\"error-icon\"\n          />\n          <span class=\"noscript-span\"\n            >JavaScript is disabled in your browser.</span\n          >\n          <p>Please enable JavaScript to proceed.</p>\n        </div>\n      </div>\n    </noscript>\n    <div id=\"loading-error\" role=\"alert\" aria-live=\"polite\">\n      A required part of this site couldn’t load. This may be due to a browser\n      extension, network issues, or browser settings. Please check your\n      connection, disable any ad blockers, or try using a different browser.\n    </div>\n    <script>\n      function loadScript(src) {\n        return new Promise((resolve, reject) => {\n          const script = document.createElement('script');\n          script.onload = resolve;\n          script.onerror = (event) => {\n            console.error('Script load error event:', event);\n            document.getElementById('loading-error').style.display = 'block';\n            loadingError.setAttribute('aria-hidden', 'false');\n            reject(\n              new Error(\n                `Failed to load script: ${src}, Please contact the service administrator.`\n              )\n            );\n          };\n          script.src = src;\n          document.body.appendChild(script);\n        });\n      }\n\n      loadScript('/_fs-ch-1T1wmsGaOgGaSxcX/errors.js')\n        .then(() => {\n          const script = document.createElement('script');\n          script.src = '/_fs-ch-1T1wmsGaOgGaSxcX/script.js?reload=true';\n          script.onerror = (event) => {\n            console.error('Script load error event:', event);\n            const errorMsg = new Error(\n              `Failed to load script: ${script.src}. Please contact the service administrator.`\n            );\n            console.error(errorMsg);\n            handleScriptError();\n          };\n          document.body.appendChild(script);\n        })\n        .catch((error) => {\n          console.error(error);\n        });\n    </script>\n  </body>\n</html>\n"

]
3

Welcome to the Make community!

If you have a WAF set up on your Ghost website, you’ll simply need to configure it to allow API traffic to bypass (or “allow” or “skip”) the security check.

Refer to your WAF documentation for further details.

— @samliew
P.S.: investing some effort into the tutorials in the Make Academy will save you lots of time and frustration using Make!

4

Thank you for the suggestion however Ghost.org does not allow me to control the WAF. It is a Saas on which we do not have any control over how their firewall is working.

5

In that case, contact Ghost support for further instructions on how to proceed, as the issue lies with them, not Make.