Display – REST API Response: (403) Forbidden

  • Resolved Website Rob

    (@website-rob)


    1 year, 3 months ago

    Greetings,

    Getting this msg. in Site Health.

    When testing the REST API, an unexpected result was returned:

    REST API Endpoint: https://example.com/wp-json/wp/v2/types/post?context=edit
    REST API Response: (403) Forbidden

    Access to anything in /wp-json/ I have restricted by IP addresses of only the server and website. The error is happening because some other IP address is trying to access and that IP address is a Nameserver Shared IP. As many sites use a Shared IP, I’m trying to find the Domain name associated with the IP.

    What is confusing to me is the REST API Endpoint is using the correct Domain name but a different IP address – which is why it is blocked.

    I was hoping this Plugin would help me to determine where or why, whatever file within WordPress; Core, Plugin or Theme, is making the call. Currently I am using Rest API Log v1.6.9 and see that it only shows Response Code 200 and not anything else, like a 403. Are there any plans in future plugin versions to include other Response Codes? Or, if you are able, is there another plugin you can recommend, that will help with this type problem?

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Pete Nelson

    (@gungeekatx)

    1 year, 3 months ago

    The REST API Log plugin will log other statuses beyond the usual 200 code. How are you restricting access to /wp-json/ via IP addresses? If it’s done outside of WP (nginx config, .htaccess, firewall rule, etc), then the plugin code would not pick up those instances.

    Thread Starter Website Rob

    (@website-rob)

    1 year, 3 months ago

    Please re-read the original post. The website does have access, it is the strange IP address that does not.

    The blocked IP only shows when I use Site Health. As that is called by WordPress and from within the Domain name | allowed IP address – it is not being blocked. Every other call made by Site Health operates and records correctly as a 200 Status.

    Another plugin I’m using, Log HTTP Requests, and when I use Site Health, it does record the call as a 403 Status but does not give me enough information. I was hoping the Rest API Log would record the Site Health call and provide more information but it is not.

    Thread Starter Website Rob

    (@website-rob)

    1 year, 3 months ago

    Problem was resolved using a Server level IP Tables rule. I have also seen where the Rest API plugin does show other Status then just 200.

    So all is good. Although the plugin did not help with my particular problem, and not sure if it could have, some troubleshooting methods require a higher server level investigation.

    All the best.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Display – REST API Response: (403) Forbidden’ is closed to new replies.