Hi,
I host a website on PlanetHoster and there is a Web Application Firewall (WAF) active on it.
In order to have MoreGallery working properly (the sorting of images wasn’t working) I had to deactivate several rules:
ID : 341256
info : Atomicorp.com WAF Rules: Possible Cross Site Scripting attack (detectXSS)
message : Access denied with code 403 (phase 2). detected XSS using libinjection.
Uri : /assets/components/moregallery/connector.php?resource=2573
ID : 340148
info : Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
message : Access denied with code 403 (phase 2). Pattern match “(?:< ?script|< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|document\.write ?\(|(?:<|< ?/) ?(?:(?:java|vb)script|applet|activex|chrome|qx?ss|embed)|< ?/?i?frame\b|< ?img src ?=|< ?base href ?=)” at ARGS:full_view.
Uri : /assets/components/moregallery/connector.php?resource=2573
ID : 350148
info : Atomicorp.com WAF Rules: Potentially Untrusted Web Content Detected
message : Access denied with code 403 (phase 2). Match of “rx ((?:submit(?:\+| )?(request)?(?:\+| )?>+|<<(?:\+| )remove|(?:sign ?in|log ?(?:in|out)|next|add|envoyer|modifier|select|continue|weiter|account|results)(?:\+| )?>+)$|^< ?\??(?: |\+)?xml|^<samlp|^>> ?$)” against “REQUEST_URI” required.
Uri : /assets/components/moregallery/connector.php?resource=2573
ID : 350147
info : Atomicorp.com WAF Rules: Potentially Untrusted Web Content Detected
message : Access denied with code 403 (phase 2). Match of “rx ((?:submit(?:\+| )?(request)?(?:\+| )?>+|<<(?:\+| )remove|(?:sign ?in|log ?(?:in|out)|next|modifier|envoyer|add|continue|weiter|account|results|select)(?:\+| )?>+)$|^< ?\??(?: |\+)?xml|^<samlp|^>> ?$)” against “ARGS:full_view” required.
Uri : /assets/components/moregallery/connector.php?resource=2573
I know nothing about WAF configuration, but I have had a lot of trouble with hacked MODX websites in the past and I’m not very comfortable with having to deactivate those rules.
Do you know if there is something we can do/configure/change to avoid this situation?
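
Added example, not part of the original post and not PlanetHoster's or Atomicorp's own configuration: a ModSecurity 2.x exclusion that switches off only what the four log entries above show, and only for the MoreGallery connector, instead of deactivating the rules site-wide. It assumes the host lets you (or will on request) add custom ModSecurity directives; the rule id 1000001 is a constructed placeholder.

```apache
# Broad variant, shown for comparison only: removes the four rules for every
# request on the site, which is what deactivating them amounts to.
# (Configure-time directive; it has to be loaded after the rule set.)
# SecRuleRemoveById 341256 340148 350148 350147

# Scoped variant: a runtime exclusion that applies only when the request path
# is the MoreGallery connector seen in the "Uri" lines of the log.
# It runs in phase 1, so it takes effect before the phase 2 rules that
# produced the 403 responses.
SecRule REQUEST_FILENAME "@endsWith /assets/components/moregallery/connector.php" \
    "id:1000001,\
    phase:1,\
    pass,\
    nolog,\
    t:none,\
    ctl:ruleRemoveTargetById=340148;ARGS:full_view,\
    ctl:ruleRemoveTargetById=350147;ARGS:full_view,\
    ctl:ruleRemoveById=350148,\
    ctl:ruleRemoveById=341256"

# Why each line looks the way it does:
#  - 340148 and 350147 were reported against ARGS:full_view, so only that
#    one parameter is taken out of their inspection; every other parameter
#    sent to the connector is still checked by both rules.
#  - 350148 was reported against REQUEST_URI, which is not a single named
#    parameter, so the rule is removed as a whole, but only on this path.
#  - 341256 (libinjection XSS): the log message does not name the variable
#    that matched, so it is also removed as a whole on this path. If the
#    full audit log names the parameter, replace that line with a
#    ruleRemoveTargetById entry for that parameter instead.
# All four rules stay fully active for the rest of the site, including the
# MODX manager and the front end.
```

After applying it, repeat the image sorting in MoreGallery and confirm that a request to any other URL carrying the same kind of payload is still answered with a 403.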