Default Ban List causes /wp-admin/admin-ajax.php 403 — why? | WordPress.org

Marty
(@bozzmedia)

4 years, 5 months ago

Many thanks to @nlpro, who shared a fix for this issue on the following thread:

https://wordpress.org/support/topic/403-for-admin-ajax-php/

Disabling the ban list fixes the error.

Question is: why does the default ban list produce this 403 error for admin-ajax.php?

Thanks

Viewing 2 replies - 1 through 2 (of 2 total)

nlpro
(@nlpro)

4 years, 5 months ago

Hi Bozz,

The ban list includes a check for an empty user agent. So any remote request with an empty user agent is forbidden.

This basically means there is a simple solution. Add a user agent value to the admin-ajax.php request and you can keep using the ban list 😉

Thread Starter Marty
(@bozzmedia)

4 years, 5 months ago

That’s very interesting. In this instance it’s a form integrated with stripe. I wonder if Cloudflare is stripping the user agent.

At any rate, I super appreciate your insight and sharing the solution. You rock!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Default Ban List causes /wp-admin/admin-ajax.php 403 — why?’ is closed to new replies.

2 replies
2 participants
Last reply from: Marty
Last activity: 4 years, 5 months ago
Status: not resolved