Access to REST API requests is restricted by Solid Security

  • Resolved kaoslink

    (@kaoslink)


    1 year ago

    Site Health in wordpress is reporting the following errors:

    When testing the REST API, an error was encountered:

    REST API Endpoint: https://mysite.co.uk/wp-json/wp/v2/types/post?context=edit
    REST API Response: (http_request_failed) cURL error 28: Connection timed out after 10001 milliseconds

    When I visit the page, I see the following message:

    {“code”:”itsec_rest_api_access_restricted”,”message”:”You do not have sufficient permission to access this endpoint. Access to REST API requests is restricted by Solid Security settings.”,”data”:{“status”:401}}

    If I change the API access in Solid Security from ‘Restricted’ to ‘Default’ I receive a different message as follows:

    {“code”:”rest_forbidden_context”,”message”:”Sorry, you are not allowed to edit posts in this post type.”,”data”:{“status”:401}}

    Site Health still reports the same errors:

    When testing the REST API, an error was encountered:

    REST API Endpoint: https://mysite.co.uk/wp-json/wp/v2/types/post?context=edit
    REST API Response: (http_request_failed) cURL error 28: Connection timed out after 10001 milliseconds

    Site Health is also reporting that the following scheduled event is late:

    The scheduled event, itsec_cron, is late to run. Your site still works, but this may indicate that scheduling posts or automated updates may not work as intended.

    I am logged in as an admin…Increased PHP memory limit to 512M, cleared caches and reset permalinks, but the errors still show in Site Health ??

    Server: Linux 3.10.0-1160.53.1.el7.x86_64 x86_64
    Web server: Apache
    PHP version: 8.0.30
    PHP SAPI: fpm-fcgi
    cURL version: 7.29.0 NSS/3.53.1

    What could be causing these errors? Do I need to change a value in Solid Security or increase a timeout value somewhere? Any help appreciated.

    • This topic was modified 1 year ago by kaoslink.
    • This topic was modified 1 year ago by kaoslink.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @kaoslink, thanks for reaching out, and we’re happy to help!

    The Site Health page built into WordPress is great for helping to isolate issues you are seeing on your site, but especially with a product like Solid Security installed it can also be a source of “false flags” where expected functionality (like the REST API built into WordPress, in your case) is being restricted for security, and that flags the system to alert you that the REST API is not working, when in reality it is.

    So let’s step back and ask a different question: other than the Site Health errors, are you seeing any issues on the site where something is not working? Before we go digging into specific things like making sure cURL is working or troubleshooting the wp-cron, it’s wise to isolate whether this is a true issue you are seeing on your site, or just a case of the Site Health tool getting duped by a security plugin.

    Just so you know, getting a 401 code when accessing that REST API Endpoint is the expected response, as that endpoint refers to “editing” a post type, but it’s not possible to edit a post type via API.

    Looking forward to hearing from you!

    Thread Starter kaoslink

    (@kaoslink)

    Thanks for taking the time to reply @shanedelierrr

    I’m not experiening any other issues currently, so presumably then what you are saying is that it could be a false positive being generated by Site Health, so in that case I guess I should just ignore the errors for the time being and wait to see if any further problems occur later down the line…

    Plugin Support chandelierrr

    (@shanedelierrr)

    @kaoslink, you’re welcome, and that sounds like a plan! Feel free to contact us again if you’re experiencing issues when using Solid Security, and we’re always happy to help.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Access to REST API requests is restricted by Solid Security’ is closed to new replies.