API calls return 403 because of RewriteRule
-
The default ban list in Configure > Lockouts > Ban Users adds a bunch of lines to the .htaccess
I had to comment out the line in my .htaccess because API Calls to my site were being blocked. But I’m unsure what this line actually does…
RewriteRule ^.* - [F,L]Could someone please enlighten me?
Thank you!
-
Hi @volkerharz,
A rewrite rule consists of the following structure:
RewriteRule Pattern Substitution [Flags]
RewriteRule: specifies the RewriteRule directive
Pattern: a PCRE (Perl Compatible Regular Expression) that matches the desired string. You can learn more about regular expressions here.^ -> Called an anchor, matches the beginning of the string
. -> Matches any single character
* -> Repeats the previous match zero or more timesSubstitution: where should the matching requests be sent
A dash (-) means do nothing.
[Flags]: optional parameters to modify the rule. For more information on the available flags and their meanings, see Apache’s documentation on Rewrite Flags.
[F]
Forbidden: instructs the server to return a 403 “Forbidden” response to the client.
[L]
Last rule: instructs the server to stop rewriting after the preceding directive is processed.Most likely the API Calls HTTP_USER_AGENT is empty which triggers the RewriteRule.(RewriteCond %{HTTP_USER_AGENT} “^$” [NC,OR]).
+++++ To prevent any confusion, I’m not iThemes +++++
Hi @nlpro you’re awesome! Thank you!
Most likely the API Calls HTTP_USER_AGENT is empty which triggers the RewriteRule.(RewriteCond %{HTTP_USER_AGENT} “^$” [NC,OR]).
Totally makes sense now. Thanks.
Edit: Seems i have to a deactive the default ban list as ithemes keeps overwriting .htaccess.
- The topic ‘API calls return 403 because of RewriteRule’ is closed to new replies.
