JILI999PH com Register Login Philippines.Enjoy Free 888+200 Daily Legal Bonus

Resolved Peter Smits
(@psmits1567)

2 years ago

Hi
My statistics overview page does not work
It appears that the rest api call is blocked
I get a 403 error on this call
https://xxxx.com/wp-json/wp-statistics/v2/hit
What is causing this problem, because WordPress health does report that the REST API is active and working
I disabled all plugins, and my .htaccess file without succes

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Author Mostafa Soufi
(@mostafas1990)

2 years ago

Hi,

Can you please check the response of the HTTP request on your Network > XHR? I guess your webserver is blocked due to some reason.

https://wp-statistics.com/resources/troubleshoot-with-cache-plugins/

Thread Starter Peter Smits
(@psmits1567)

2 years ago

I checked your suggestion, but there are no XHR errors to see in Network
The below lines are from my console
`jquery.js?ver=3.6.1:10135 XHR finished loading: POST “https://xxxx.com/wp-admin/admin-ajax.php”.
send @ jquery.js?ver=3.6.1:10135
ajax @ jquery.js?ver=3.6.1:9716
jQuery.ajax @ jquery-migrate.js?ver=3.3.2:305
connect @ heartbeat.js?ver=6.1.1:416
(anonymous) @ heartbeat.js?ver=6.1.1:511
Navigated to https://xxxx.com/wp-admin/admin.php?page=wps_overview_page
jquery-migrate.js?ver=3.3.2:69 JQMIGRATE: Migrate is installed with logging active, version 3.3.2
jquery.js?ver=3.6.1:3832 [Violation] ‘setTimeout’ handler took 82ms
jquery.js?ver=3.6.1:3832 [Violation] ‘setTimeout’ handler took 71ms
jquery.js?ver=3.6.1:3832 [Violation] ‘setTimeout’ handler took 181ms
jquery.js?ver=3.6.1:3832 [Violation] ‘setTimeout’ handler took 65ms
[Violation] Forced reflow while executing JavaScript took 37ms
jquery.js?ver=3.6.1:3832 [Violation] ‘setTimeout’ handler took 63ms
jquery.js?ver=3.6.1:10135 XHR finished loading: GET “https://xxxx.com/wp-json/wp-statistics/v2/metabox?name=summary&_=1669110277078”.
send @ jquery.js?ver=3.6.1:10135
ajax @ jquery.js?ver=3.6.1:9716
jQuery.ajax @ jquery-migrate.js?ver=3.3.2:305
t @ admin.min.js?ver=1669110276:1
c.ajaxq @ admin.min.js?ver=1669110276:1
d.ajaxQ @ admin.min.js?ver=1669110276:1
d.run_meta_box @ admin.min.js?ver=1669110276:1
(anonymous) @ admin.min.js?ver=1669110276:1
d.run_meta_boxes @ admin.min.js?ver=1669110276:1
(anonymous) @ admin.min.js?ver=1669110276:1
mightThrow @ jquery.js?ver=3.6.1:3766
process @ jquery.js?ver=3.6.1:3834
setTimeout (async)
(anonymous) @ jquery.js?ver=3.6.1:3872
fire @ jquery.js?ver=3.6.1:3500
fireWith @ jquery.js?ver=3.6.1:3630
fire @ jquery.js?ver=3.6.1:3638
fire @ jquery.js?ver=3.6.1:3500
fireWith @ jquery.js?ver=3.6.1:3630
ready @ jquery.js?ver=3.6.1:4110
completed @ jquery.js?ver=3.6.1:4120
chunk-frontend-vendors.js?ver=1669110276:13 XHR finished loading: POST “https://xxxx.com/wp-admin/admin-ajax.php”.
(anonymous) @ chunk-frontend-vendors.js?ver=1669110276:13
t.exports @ chunk-frontend-vendors.js?ver=1669110276:13
t.exports @ chunk-frontend-vendors.js?ver=1669110276:13
Promise.then (async)
c.request @ chunk-frontend-vendors.js?ver=1669110276:1
o.forEach.c.<computed> @ chunk-frontend-vendors.js?ver=1669110276:1
(anonymous) @ chunk-frontend-vendors.js?ver=1669110276:1
(anonymous) @ chunk-common.js?ver=1669110276:1
a @ chunk-common.js?ver=1669110276:1
Rt @ chunk-common.js?ver=1669110276:1
(anonymous) @ chunk-frontend-vendors.js?ver=1669110276:13
y.dispatch @ chunk-frontend-vendors.js?ver=1669110276:13
dispatch @ chunk-frontend-vendors.js?ver=1669110276:13
(anonymous) @ frontend.js?ver=1669110276:1
(anonymous) @ chunk-common.js?ver=1669110276:1
tryCatch @ regenerator-runtime.js?ver=0.13.9:63
invoke @ regenerator-runtime.js?ver=0.13.9:294
(anonymous) @ regenerator-runtime.js?ver=0.13.9:119
r @ chunk-frontend-vendors.js?ver=1669110276:20
c @ chunk-frontend-vendors.js?ver=1669110276:20
(anonymous) @ chunk-frontend-vendors.js?ver=1669110276:20
(anonymous) @ chunk-frontend-vendors.js?ver=1669110276:20
(anonymous) @ chunk-common.js?ver=1669110276:1
(anonymous) @ chunk-frontend-vendors.js?ver=1669110276:13
y.dispatch @ chunk-frontend-vendors.js?ver=1669110276:13
dispatch @ chunk-frontend-vendors.js?ver=1669110276:13
o.dispatch @ chunk-frontend-vendors.js?ver=1669110276:13
ye @ chunk-common.js?ver=1669110276:1
(anonymous) @ chunk-frontend-vendors.js?ver=1669110276:13
y.dispatch @ chunk-frontend-vendors.js?ver=1669110276:13
dispatch @ chunk-frontend-vendors.js?ver=1669110276:13
mounted @ frontend.js?ver=1669110276:1
ne @ chunk-frontend-vendors.js?ver=1669110276:7
Un @ chunk-frontend-vendors.js?ver=1669110276:7
In @ chunk-frontend-vendors.js?ver=1669110276:7
Sr.$mount @ chunk-frontend-vendors.js?ver=1669110276:7
(anonymous) @ frontend.js?ver=1669110276:1
load (async)
d67f @ frontend.js?ver=1669110276:1
i @ frontend.js?ver=1669110276:1
4 @ frontend.js?ver=1669110276:1
i @ frontend.js?ver=1669110276:1
n @ frontend.js?ver=1669110276:1
(anonymous) @ frontend.js?ver=1669110276:1
(anonymous) @ frontend.js?ver=1669110276:1
jquery.js?ver=3.6.1:10135 XHR finished loading: GET “https://xxxx.com/wp-json/wp-statistics/v2/metabox?name=browsers&_=1669110277079”.
send @ jquery.js?ver=3.6.1:10135
ajax @ jquery.js?ver=3.6.1:9716
jQuery.ajax @ jquery-migrate.js?ver=3.3.2:305
t @ admin.min.js?ver=1669110276:1
i @ admin.min.js?ver=1669110276:1
fire @ jquery.js?ver=3.6.1:3500
fireWith @ jquery.js?ver=3.6.1:3630
done @ jquery.js?ver=3.6.1:9822
(anonymous) @ jquery.js?ver=3.6.1:10083
load (async)
send @ jquery.js?ver=3.6.1:10102
ajax @ jquery.js?ver=3.6.1:9716
jQuery.ajax @ jquery-migrate.js?ver=3.3.2:305
t @ admin.min.js?ver=1669110276:1
c.ajaxq @ admin.min.js?ver=1669110276:1
d.ajaxQ @ admin.min.js?ver=1669110276:1
d.run_meta_box @ admin.min.js?ver=1669110276:1
(anonymous) @ admin.min.js?ver=1669110276:1
d.run_meta_boxes @ admin.min.js?ver=1669110276:1
(anonymous) @ admin.min.js?ver=1669110276:1
mightThrow @ jquery.js?ver=3.6.1:3766
process @ jquery.js?ver=3.6.1:3834
setTimeout (async)
(anonymous) @ jquery.js?ver=3.6.1:3872
fire @ jquery.js?ver=3.6.1:3500
fireWith @ jquery.js?ver=3.6.1:3630
fire @ jquery.js?ver=3.6.1:3638
fire @ jquery.js?ver=3.6.1:3500
fireWith @ jquery.js?ver=3.6.1:3630
ready @ jquery.js?ver=3.6.1:4110
completed @ jquery.js?ver=3.6.1:4120

Thread Starter Peter Smits
(@psmits1567)

2 years ago

Hi,
I may have found the reason why the page is not working
This is what I found in the server log
[Tue Nov 22 10:09:41.581359 2022] [:error] [pid 8029:tid 139702778644224] [client 5.132.73.70:33712] [client 5.132.73.70] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf"] [line "523"] [id "340165"] [rev "292"] [msg "Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)"] [data "/wp-json/wp-statistics/v2/hit?_=1669067933&_wpnonce=f97f6fb512&wp_statistics_hit_rest=yes&referred=https://xxxx.com&exclusion_match=no&exclusion_reason&track_all=1&current_page_type=home&current_page_id=8&search_query&page_uri=/"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "=(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)://" at REQUEST_URI. [hostname "psmits.com"] [uri "/wp-json/wp-statistics/v2/hit"] [unique_id "Y3yR1R6Bebl7NE3b6KPq6gAAABQ"], referer: https://xxxx.com/

Seems that the server is blocking the page due to what they call a “Injection attempt”

Plugin Author Mostafa Soufi
(@mostafas1990)

1 year, 11 months ago

Hi,

That’s correct, can you please put this endpoint in your white list of the firewall?
https://wiki.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules#Step_5:_Create_the_whitelist_file

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘WP_STATISTICS\Admin_Notices->enable_rest_api()’ is closed to new replies.