Blocked HTTP requests – 401 error

[happyday]

Hello, I am trying to get a plugin to communicate using the WordPress REST API with and endpoint (see below) but keep getting a 401 authorization error. The plugin developer said this is probably due to my hosting provider or BulletProof Security blocking HTTP requests. I have checked with my hosting provider and they said that everything looks ok on their end. I have also removed all custom codes from BPS, disabled the plugin, and manually removed all code from the .htaccess file but still receive the 401 error. Is there another way that BPS could be affecting this?

Endpoints I have tried:

https:///wp-json/wc/v1    *Not blocked, returns data ok*

https:///wp-json/wc/v1/orders    *401 error*

https:///wp-json/wc/v1/orders/shipment-trackings     *401 error, this is the endpoint I need to use ultimately that corresponds with my other plugin*

[AITpro Admin]

BPS htaccess code displays and logs 403 Forbidden HTTP Status Codes and not the 401 Unauthorized Status Code.  If you have done BPS Troubleshooting steps #1 and #2 and the problem is still occurring then you have completely eliminated that the BPS Root and wp-admin htaccess code/files are causing the 401 error.  Only the Root and wp-admin htaccess files could possibly cause a 401 error.  Check your server logs for clues.  ModSecurity could be causing the 401 errors or some other security protection feature in your web host control panel or host server or maybe even another plugin that you have installed.

[happyday]

Ok thank you!

[Richardoux]

Endpoints I have tried:

https:///wp-json/wc/v1    *Not blocked, returns data ok*

https:///wp-json/wc/v1/orders    *401 error*

https:///wp-json/wc/v1/orders/shipment-trackings     *401 error, this is the endpoint I need to use ultimately that corresponds with my other plugin*

It’s worked

[AITpro Admin]

@ Richardoux – So are you saying you fixed the problem or you are still having a problem?

[Richardoux]

I’m trying to fix it

[AITpro Admin]

The only htaccess code in BPS that would have anything to do with wp-json would be this BPS Bonus Custom Code > https://forum.ait-pro.com/forums/topic/wp-rest-api-block-json-requests-to-users-comments-routes/, but you would most likely be seeing 403 errors and not 401 errors.  Check if you are using that BPS Bonus Custom Code in BPS Custom Code or you can deactivate Root Folder BulletProof Mode on the BPS Security Modes page to eliminate that BPS Root htaccess code is causing this problem. A 401 error usually indicates you have some sort of Authorization problem. Are you doing anything like requiring an additional password to access the WordPress /wp-admin/ backend area? Or some other restriction or security measure for the WordPress /wp-admin/ backend area?

https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2

10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information. HTTP access authentication is explained in “HTTP Authentication: Basic and Digest Access Authentication” [43].

 

[Richardoux]

Thank you my bro!

[Author]

Posts