CSS generation with quic.cloud (load css async)

  • Resolved gtaretrofits

    (@gtaretrofits)


    1 month, 2 weeks ago

    QUIC.cloud CCSS returning node_wpapi_failed on every attempt. SiteGround confirmed requests reach the server fine. Wordfence allowlisted. Domain reconnected. REST API responds correctly from browser. LiteSpeed log shows the job posts to eu-service-ctr2.quic.cloud successfully with usage incrementing (quota going up each attempt), but callback always fails. Self-curl also returning 202 on some URLs instead of 200.

    Snippets of the logs:

    02/27/26 19:45:56.133 [216.128.179.195:12136 1 9K2] ❄️ posting to : https://eu-service-ctr2.quic.cloud/queue
    02/27/26 19:45:57.530 [216.128.179.195:12136 1 9K2] ❄️ Service TTL to save: 1761
    02/27/26 19:45:57.532 [216.128.179.195:12136 1 9K2] ❄️ ❌ Hit err _code: node_wpapi_failed
    02/27/26 19:45:57.532 [216.128.179.195:12136 1 9K2] ❄️ ❌ _err: WordPress gave an unexpected response when notified with QUIC.cloud service results. Check WP API is properly configured. --- array ( '_res' => 'err', '_code' => 'node_wpapi_failed', '_msg' => 'WordPress gave an unexpected response when notified with QUIC.cloud service results. Check WP API is properly configured.', '_ttl' => 1761, )
    02/27/26 19:45:58.649 [216.128.179.195:12136 1 9K2] 🕸️ ❌ Response code is not 200 in self_curl() [code] 202

    02/27/26 19:45:45.988 [216.128.179.195:12136 1 JS1] [REST] ✅ Internal REST ON [filter] rest_request_before_callbacks
    02/27/26 19:45:45.989 [216.128.179.195:12136 1 JS1] [REST] ❎ Internal REST OFF [filter] rest_request_after_callbacks

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Support qtwrk

    (@qtwrk)

    1 month, 2 weeks ago

    please provide the report number

    you can get it in toolbox -> report -> click “send to LiteSPeed”

    Thread Starter gtaretrofits

    (@gtaretrofits)

    1 month, 2 weeks ago

    NSBGFBZT

    Plugin Support qtwrk

    (@qtwrk)

    1 month, 2 weeks ago

    i think this is what blocks node connection

    Thread Starter gtaretrofits

    (@gtaretrofits)

    1 month, 2 weeks ago

    So quic’s own bot detection has been driving me insane for hours. Phenomenal. Once I added the quic ip list (well 100 of the 154) to my allow list, I don’t have the issue. That is insanely frustrating.

    Plugin Support qtwrk

    (@qtwrk)

    1 month, 2 weeks ago

    <html><head><link rel="icon" href="data:;"><meta http-equiv="refresh" content="0;/.well-known/sgcaptcha/?r=%2F%3Frest_route%3D%2Flitespeed%2Fv1%2Fnotify_img&y=.....

    from my test, the response I got when sending request from node , it is blocked by sgcaptcha , which I believe stands for SiteGround anti-bot challenge

    Thread Starter gtaretrofits

    (@gtaretrofits)

    1 month, 1 week ago

    I spoke back with Siteground, and they said the following;

    I reviewed our logs again and did not find any requests for “wp-json/litespeed/v1/” that were intercepted by our CAPTCHA.

    However, I did identify requests for “wp-content/litespeed/js” originating from IP addresses included in your list, which did trigger our CAPTCHA protection.

    Please find some examples below:

    40.160.225.31 gtaretrofits.com [28/Feb/2026:10:09:35 +0000] "GET /wp-content/litespeed/js/ec341c476230fa5d5e6247afc1ee6c79.js?ver=e6c79 HTTP/1.1" 202 247 JA4:t13d171100_5b57614c22b0_6f9e9b12b7f2 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" 40.160.225.31 gtaretrofits.com [28/Feb/2026:10:09:35 +0000] "GET /wp-content/litespeed/js/99bafabe72a592ebccdc3649878e0664.js?ver=e0664 HTTP/1.1" 202 247 JA4:t13d171100_5b57614c22b0_6f9e9b12b7f2 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" 40.160.225.31 gtaretrofits.com [28/Feb/2026:10:09:35 +0000] "GET /wp-content/litespeed/js/3a999dcfb6dbe8a4cfb843c4c550bc9e.js?ver=0bc9e HTTP/1.1" 202 247 JA4:t13d171100_5b57614c22b0_6f9e9b12b7f2 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" 45.63.67.181 gtaretrofits.com [28/Feb/2026:19:22:18 +0000] "GET /wp-content/litespeed/js/3a999dcfb6dbe8a4cfb843c4c550bc9e.js?ver=0bc9e HTTP/1.1" 202 246 JA4:t13d171100_5b57614c22b0_6f9e9b12b7f2 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Mobile Safari/537.36" 45.63.67.181 gtaretrofits.com [28/Feb/2026:19:22:18 +0000] "GET /wp-content/litespeed/js/1390b6f41ffc89d031f119200d17cfc5.js?ver=7cfc5 HTTP/1.1" 202 246 JA4:t13d171000_5b57614c22b0_78e6aca7449b "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Mobile Safari/537.36" 45.63.67.181 gtaretrofits.com [28/Feb/2026:19:22:19 +0000] "GET /wp-content/litespeed/js/352e3b3c446170a22d981ce29dd82deb.js?ver=82deb HTTP/1.1" 202 246 JA4:t13d171000_5b57614c22b0_78e6aca7449b "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Mobile Safari/537.36" 199.59.247.242 gtaretrofits.com [28/Feb/2026:23:09:31 +0000] "GET /wp-content/litespeed/js/0fbfad801b822e1fdad7662dbc3d391c.js?ver=d391c HTTP/1.1" 202 248 JA4:t13d171100_5b57614c22b0_6f9e9b12b7f2 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.7 Mobile/15E148 Safari/604.1"

    Would It be worth it to whitelist the IP ranges of the nodes I’m currently connected to?
    81.31.156.0/24, 54.36.103.0/24, 31.131.4.0/24

    Plugin Support qtwrk

    (@qtwrk)

    1 month, 1 week ago

    the request path was /?rest_route=/litespeed/......

    and probably better not to whitelist a whole /24 though …

    Thread Starter gtaretrofits

    (@gtaretrofits)

    1 month, 1 week ago

    It’s true, quic just has a ton of IP’s to cover, while SG only allows 5 on a whitelist.
    Thanks for your help so far, I”ll report back with what SG says.

    Thread Starter gtaretrofits

    (@gtaretrofits)

    1 month, 1 week ago

    Well it seems you were right with the URL (as you knew), but Siteground does find issues with a few of the IP’s used.

    “I have reviewed the logs and can confirm that requests such as the following were flagged by our CAPTCHA system:

    57.129.146.219 POWC gtaretrofits.com [01/Mar/2026:09:00:09 +0000] "POST /?rest_route=/litespeed/v1/notify_ccss HTTP/1.1" 202 216 JA4:t13d171100_5b57614c22b0_6f9e9b12b7f2 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; qcbot/1.0; +http://quic.cloud/bot.html ) Chrome/112.0.0.0 Safari/537.36" 135.125.104.145 POWC gtaretrofits.com [01/Mar/2026:09:45:11 +0000] "POST /?rest_route=/litespeed/v1/notify_ccss HTTP/1.1" 202 217 JA4:t13d171000_5b57614c22b0_78e6aca7449b "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; qcbot/1.0; +http://quic.cloud/bot.html ) Chrome/112.0.0.0 Safari/537.36"

    Although the user agent indicates qcbot/1.0, the IP address 57.129.146.219 also generated requests using a different user agent that is considered suspicious:

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36

    Public reports associate this type of activity with irregular or potentially malicious behavior. For reference, you may review the following article, which includes examples of similar user agents:

    https://tehtris.com/en/blog/our-selection-of-alerts-on-honeypots-report-4-february-2023/

    A similar pattern was observed for the other IP address, which also made requests using the Go-http-client user agent.

    As a temporary measure, I have removed the limits on both IP addresses. However, I strongly recommend contacting QUIC.cloud to confirm whether these suspicious user agents are legitimately used by their service.

    Look forward to your reply.

    • This reply was modified 1 month, 1 week ago by gtaretrofits.
    Plugin Support qtwrk

    (@qtwrk)

    1 month, 1 week ago

    yes, it’s kind of the way how it works , the website may respond differently based on user agent, typically , to differentiate mobile and desktop , so in this case for UCSS/CCSS/VPI , it will send request in few different UA , for example , to fetch/visit your page to generate CCSS or UCSS , or VPI , as desktop , then it will do chrome desktop ua , and/or to fetch your page as mobile device, then it will do chrome mobile ua

    and lastly , when it posts result back to your site, it will use qcbot ua

    Thread Starter gtaretrofits

    (@gtaretrofits)

    1 month, 1 week ago

    Would you be able to confirm if those specific user agents being used are the legitimate ones being used by your service, just so that I have something firm to report to siteground?

    Plugin Support qtwrk

    (@qtwrk)

    1 month, 1 week ago

    yes , when a page is queued for something , say CCSS , it will queue the page , type , requested UA (whoever triggers this queue with bot-like ua cleansing) , post it to QC node

    QC node then will use this user agent to fetch page , get critical css, then use qcbot ua post it back to site.

    • This reply was modified 1 month, 1 week ago by qtwrk.
    • This reply was modified 1 month, 1 week ago by qtwrk.
Viewing 12 replies - 1 through 12 (of 12 total)

You must be logged in to reply to this topic.