Hi @viablethought thanks for this message.
Firstly, was there any more information provided after the 503 message you included? When you say HTML for the lockout screen, it’d be good to see if it’s literal code printed to the screen or differently presented. If a screenshot would be easier here, one can be uploaded to Snipboard, which will provide a link to include with your reply.
Secondly, it’d be great if you could send a diagnostic report to wftest @ wordfence . com by finding the link at the top of the Wordfence Tools > Diagnostics page. Click on the “Send Report by Email” button. Please add your forum username where indicated and respond here after you have sent it. This would help us see if there are any configuration problems causing this problem.
Note: For the fastest response time, please make sure and add any information or questions directly to this topic and not the email address above unless asked.
Thanks in advance,
Peter.
@wfpeter –
Here is a screenshot of the output: https://i.imgur.com/BgrPte4.png
Just sent the diagnostic report as well.
Thanks,
Jason
Hi @viablethought thanks for sending those over to us.
Towards the bottom of the screenshot with the unformatted HTML, it says “Advanced Blocking in Effect”. This is usually shown for the custom pattern blocks in Wordfence > Firewall > Blocking.
If you check back to that page, you may have set up a block there in the past including the IP that is trying to access the site here via API. We are able to replicate this issue if we set up a custom pattern block including our own server IPs. Make sure that you don’t have any custom pattern blocks set up which include your own server IPs (178.128.145.117, 104.27.131.212, 127.0.0.1).
Let me know how you get on!
Thanks,
Peter.
@wfpeter –
Good eye, I was able to locate the blocking pattern and remove it. However, it wasn’t the IP range that was the issue, it was the Host Name, which I find weird because I had thought that when specifying a blocking pattern like so:
IP Range: 91.121.0.0 – 91.121.255.255
Hostname: *.ip-91-121-183.eu
It would account for the combination of both the IP AND the Hostname, not just one or the other? So the site is hosted on Cloudways and the Hostname that was part of the blocking pattern was *.cloudwaysapps.com
Thanks for letting me know @viablethought and hopefully that’s resolved the API issue that you were seeing.
You will need a rule for the range 91.121.0.0 – 91.121.255.255 and a rule for *.ip-91-121-183.eu. As your server IP resolves to cloudwaysapps.com you definitely shouldn’t block *.cloudwaysapps.com.
Thanks,
Peter.
@wfpeter –
The site was getting hit by another site under a different IP on Cloudwways which is why that block was in place. What would be your suggestion for handling something like that when its a site on that same hostname?
Thanks,
Jason
Hi @viablethought and thanks for seeking further information from us,
If the blocks coming from your own host are not in an unusually large quantity, it would still be our recommendation to keep your own host unblocked. The Wordfence firewall will be able to manage malicious attempts as they come in.
As long as you’re not experiencing resource issues, this should be the best approach.
Thanks,
Peter.
