• Resolved marcusdeman

    (@marcusdeman)


    Hi!

    When performing a site scan the following message appears:

    —————-

    Error Message: Unable to determine if the scan target is allowed: Target site returned invalid response. Do you have a plugin that disables access to the REST API? For instance, Coming Soon Page, W3 Total Cache, Password Protected, Members, Profile Builder, Disable Login, Clearfy, Disable REST API, REST API Toolbox, Defender Security, Shield Security, or Force Login? Try turning off that feature and using “Restricted REST API Access” in iThemes Security instead.

    Error Code: site_verification_failed.connection_error

    If you contact support about this error, please provide the following debug details:

    Array
    code => site_verification_failed.connection_error
    data => Array
    status => [integer] 401
    url => https://website.com

    We are not using any of these plugins. What else can be the issue?
    Does iThemes have some kind of debug section to pull up more information?

    • This topic was modified 3 months, 3 weeks ago by marcusdeman.
Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @marcusdeman, thanks for reaching out. We’re happy to help!

    The 401 error indicates that when Solid Security tries to scan the website, the server returns an “Unauthorized” response. The error details can be viewed on the Security > Logs, then view the Raw Details of the recent Site Scanner logs. 

    Can you please ensure that the plugin’s scanner IP address 67.227.194.4 isn’t blocked by the server, a plugin, or a setting? Please also try enabling the “Restricted REST API Access” in the plugin settings (Security > Settings > Advanced > WordPress Tweaks). Then, try to rerun the scan on the Site Scans page.

    If that doesn’t help, please try to do a conflict check using the steps here: Checking for a Conflict

    Please let me know if that helps.

    Plugin Support Ben Meredith

    (@benmeredithgmailcom)

    Hey @marcusdeman

    Following up here. Since we haven’t heard back, we’re assuming this issue is resolved. If it’s not, no worries, just open a new forum post! Have a great day!

    • This reply was modified 3 months, 2 weeks ago by Ben Meredith. Reason: accuracy. it's not a ticket
    Thread Starter marcusdeman

    (@marcusdeman)

    Hi Ben,

    So I have checked the log file again of iThemes / SolidWP.

    It tries to reach remote ip “10.128.63.162”

    When pinging the host from my own computer there is no response. Is the IP address still correct?

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @marcusdeman, please excuse the slow turnaround!

    The IP address for the Site Scanner should still be 67.227.194.4.

    Would you mind sending the log details here?

    Thread Starter marcusdeman

    (@marcusdeman)

    id => 35457
    module => site-scanner
    type => warning
    code => scan-failure-client-error
    timestamp => 2024-01-29 15:32:30
    init_timestamp => 2024-01-29 15:32:28
    remote_ip => 10.128.63.162
    user_id => [empty string]
    url => wp-cron
    memory_current => 15618616
    memory_peak => 17432288
    data => Array
    results => Object WP_Error
    errors => Array
    site_verification_failed.connection_error => Array
    0 => Unable to determine if the scan target is allowed: Target site returned invalid response. Do you have a plugin that disables access to the REST API? For instance, Coming Soon Page, W3 Total Cache, Password Protected, Members, Profile Builder, Disable Login, Clearfy, Disable REST API, REST API Toolbox, Defender Security, Shield Security, or Force Login? Try turning off that feature and using "Restricted REST API Access" in iThemes Security instead.
    error_data => Array
    site_verification_failed.connection_error => Array
    status => [integer] 401
    url => https://website.com
    cached => [boolean] false

    I adjusted the url to not show our website domain.

    • This reply was modified 2 months, 2 weeks ago by marcusdeman.
    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @marcusdeman, thank you for the log! I see what you meant by the remote IP.

    That value does not indicate that the Site Scan is trying to reach that IP address. Instead, it shows the IP of whatever user is requesting your site at the time that Solid Security determines it needs to run the scheduled site scan. This part here: url => wp-cron says that the scan was run via WP Cron, and the user visit triggered the cron job that tells Solid Security to run the scan.

    Were you able to check if the Site Scanner’s IP address is blocked on your server? I’d also recommend checking that all these REST HTTP methods are allowed on your server for Solid Security to function correctly: GET, POST, PUT, PATCH, DELETE, and OPTIONS.

    Please let me know how it goes.

    Thread Starter marcusdeman

    (@marcusdeman)

    Hi Chandelierrr,

    Thanks for your response.

    How can I check whether the abovementioned REST HTTP methods are allowed?

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @marcusdeman, please excuse the delay!

    First, kindly verify that the REST API is enabled by accessing this endpoint: https://yoursite.com/wp-json/wp/v2/. If you see data, that means it’s enabled.

    Then to check if the methods are enabled, you can make a request to the REST API endpoints using a curl command or HTTP client services like Postman and check the responses.

    Here’s the curl command for checking if the “OPTIONS” method is enabled:
    curl -X OPTIONS https://yoursite.com/wp-json/ithemes-security/v1/site-scanner/verify-scan (change the “OPTIONS” to other methods to check them). You can also ask your host for confirmation on the allowed HTTP methods.

    I hope this helps!

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @marcusdeman, I’m checking in to see if you still need assistance.

    Tracking notifications on this forum can become tricky over time, and since we haven’t received a response, I’ll mark this post resolved.

    If you still require further assistance, feel free to open a new support topic, and we’d be happy to assist.

    Thank you!

    Thread Starter marcusdeman

    (@marcusdeman)

    Hi Chandelierrr,

    Sorry for the late response. I was a bit busy with things and did not have time yet to try your suggestions.

    But I managed to do it as of now and this is the response to the curl command:

    {“code”:”rest_cannot_access”,”message”:”DRA: Only authenticated users can access the REST API.”,”data”:{“status”:401}}

    What would be the next step?


    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @marcusdeman, thanks for the update. There is no need to apologize!

    I did a quick search, and the ”DRA: Only authenticated users can access the REST API.” message seems to be coming from the Disable REST API plugin. Would you mind double-checking if you have this installed on the site?

    If it’s not there, please send a copy of your Site Health Info and your .htaccess rules so we can check. It would also help if you could do a conflict check to confirm if the error persists when only Solid Security is active on your site.

    I’m looking forward to your response.

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @marcusdeman, circling back here to see if you’re all set.

    Since we haven’t received a response, I’ll mark this post resolved. Please feel free to reach out again if you need help with Solid Security.

    Thanks!

Viewing 12 replies - 1 through 12 (of 12 total)
  • You must be logged in to reply to this topic.