2
Software Firewalls usually block the HTTP Referrer, which tells your site, where the user is coming from. If your site doesn't receive this referrer, it will not allow changes to the database (e.g. inserts and updates) but only select statements.
The check is called in include/common.php, where you can just remove that check. The security level enhancement from this step can be questioned, but many small steps...
There are SO many threads about this thing