Home › Forums › BulletProof Security Pro › 403 for POST Requests
- This topic has 5 replies, 2 voices, and was last updated 2 weeks, 6 days ago by
AITpro Admin.
-
AuthorPosts
-
Fredel007
ParticipantHey guys,
hope you may help.
I am running Cloudflare and after flushing the cache all works good (so generally the wp-json seems to work / not being blocked), but after some time (e.g. 1/2 day) i get 403 errors for POST Requests by a Plugin.
POST https://www.bergtour-online.de/wp-json/wordpress-popular-posts/v2/views/2451 403 (Forbidden) wpp.min.js?ver=7.2.0:4
I feels like if cloudflare server have cached site and are making the requests they may be blocked, but tbd i have not so much experience in this 🙂 I created bypass & Whitelist for /wp-json/ in cloudflare.
Do you have any idea / setting i may test in BPS Pro?
Thanks a lot!
AITpro Admin
KeymasterAre you using the BPS POST Attack Protection Bonus Custom Code > https://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/ If so, then delete it from Custom Code.
Fredel007
Participanthey thanks for super fast reply as always.
unfortunately not using that, just
Security headers (optional)
<IfModule mod_headers.c>
Header always set X-Content-Type-Options “nosniff”
Header always set X-Frame-Options “SAMEORIGIN”
Header always set X-XSS-Protection “1; mode=block”
Header always set Referrer-Policy “no-referrer-when-downgrade”
</IfModule>but afaik that shouldn’t be it. any change i provide you the complete htaccess for quick look, or should i put a new one in for test?
or any other setting i should do (whitelist etc. looking fine)
thx so much!
AITpro Admin
KeymasterIf you are not using the BPS POST Attack Protection code then most likely ModSecurity installed on your web host is causing the 403 error. BPS logs all 403 errors whether or not BPS is blocking something. Another possibility is that a GET and a POST Request are being used together. ie GET Request to a POST Request, which I see more and more of lately. Seems like people don’t feel that following any sort of coding standards is important to do anymore. If the 403 error was occurring constantly then I would have you do the BPS troubleshooting steps, but since it occurs randomly over a period of time then my guess is that the cache gets corrupted after X time and then ModSecurity blocks that corrupted cache situation.
Fredel007
Participantok thanks again!
i just figured out it seems that problemn occurs only in privacy mode of browsers, which gives me more questions than before. do you have any recommendation what i should check, and sorry again its not so much BPS related then?thx again
AITpro Admin
KeymasterIf that is even possible to control then it would be a Cloudflare option setting. ModSecurity will officially reach End of Life by 7-1-2025. It has been a nightmare for years and it is finally going into the trash bin. Thank god
-
AuthorPosts
- You must be logged in to reply to this topic.