Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security » Litespeed Cache and NinjaFirewall : Failed to post via WordPress: “no auth_key

  • Resolved barnez

    (@pidengmor)


    For anyone else experiencing the same issue:

    Every few weeks I was finding the following error in my admin dashboard after logging in:

    
    Failed to post via WordPress: "hash does not match: ClientCB[<!DOCTYPE HTML PUBLIC "-\/\/IETF\/\/DTD HTML 2.0\/\/EN">
    <html><head><title>NinjaFirewall: 403 Forbidden<\/title><style>body{font-family:sans-serif;font-size:13px;color:#000;}<\/style><meta http-equiv="Content-Type" content="text\/html; charset=utf-8"><\/head><body bgcolor="white"><br \/><br \/><br \/><br \/><center>Sorry <b>206.189.100.139<\/b>, your request cannot be proceeded.<br \/>For security reason, it was blocked and logged.<br \/><br \/><img title="NinjaFirewall" src="https:\/\/www.xxxx.com\/wp-content\/plugins\/ninjafirewall\/images\/ninjafirewall_75.png" width="75" height="75"><br \/><br \/>If you think that was a mistake, please contact the<br \/>webmaster and enclose the following incident ID:<br \/><br \/>[ <b>#6464297<\/b> ]<\/center><\/body><\/html>] Server[c02QAieSMG1kDxmG]"
    
    Failed to post via WordPress: "no auth_key"
    

    After troubleshooting it seems that the LiteSpeed Cache plugin will make calls to their external server, so their server’s IPs need to be whitelisted by NinjaFirewall:

    
    142.93.112.87 
    68.183.55.115
    178.128.152.109
    206.189.203.203
    68.183.60.185
    206.189.100.139
    128.199.57.119
    159.89.13.42
    165.227.131.98
    45.76.44.137
    68.183.4.220
    68.183.180.19
    178.128.100.105
    139.59.59.66
    
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Do you have any NinjaFirewall log line(s) to show why the request was blocked?

    It looks like these log line(s) from 206.189.100.139, although the last part of the IP4 address has been anonymised because of the privacy settings:

    
    10/Jan/19 22:19:34  #7438992  MEDIUM       -  206.189.100.xxx  POST /index.php - POST method without Referer header - [POST] - www.xxxxx.com
    21/Jan/19 05:54:20  #6464297  MEDIUM       -  206.189.100.xxx  POST /index.php - POST method without Referer header - [POST] - www.xxxxx.com
    31/Jan/19 22:10:44  #6287897  MEDIUM       -  206.189.100.xxx  POST /index.php - POST method without Referer header - [POST] - www.xxxxx.com
    
    Plugin Author nintechnet

    (@nintechnet)

    You have enabled the “Block POST requests that do not have an HTTP_REFERER header” policy, hence it is blocked because most scripts or applications won’t send an HTTP_REFERER when submitting a POST request.

    I see. I have reverted back to the default (No) for that option. Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.