REST API restriction

  • There is an increasing number of requests on my side that webshop customers cannot load the site because of itsec_rest_api_access_restricted status 401.

    Now I understand the importance of REST API restriction but there is no info in plain English what it has to do with female customers opening a homepage eg. from a facebook link.

    This particular customer is blocked for days but she wants to buy products and is important to my client as you can guess.

    Please advise:
    1. If she clears cookies of the site may it resolve the problem? Or it has nothing to do with it?
    2. Is it a real security liability if I set REST API access to default? Will it solve the problem?
    3. Really what can cause this problem? I will ask her to write the time of attempts to look up in the sec.logs.

    Best regards,
    Champdor

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi,

    Will you please try disabling the following features to see if it helps?

    Hackrepair Blacklist Feature
    (Security> Settings> Banned Users)

    Filter Long URL Strings
    (Security> Settings> System Tweaks)

    Filter Suspicious Query Strings in the URL
    (Security> Settings> System Tweaks)

    Filter Non-English Characters
    (Security> Settings> System Tweaks)

    You may also try enabling XML-RPC and allowing Full Access to the REST API.
    (Security> Settings> WordPress Tweaks> XML-RPC)

    Thanks,

    Matt

    Thread Starter champdor

    (@champdor)

    I turned off Hackrepair and Long URLs, Suspicious and Non-English was turned off already.

    Waiting for the next complaint ??

    Thank you for your suggestions!

    Regards,
    Champdor

    Thread Starter champdor

    (@champdor)

    Anorher use case for REST API restriction 401: I use non-www domains with SSL. But more than one site I maintain throws error when I open them with www. Examples:
    https://suziartbag.hu – works
    https://www.suziartbag.hu – throws error

    Same with szuno.com

    Why redirection does not work here? Or why ITSEC thinks these are REST API calls?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘REST API restriction’ is closed to new replies.