Cloudflare firewall blocks wp-json (4xx error)

After troubleshooting errors like this for hours:

GET https://www.site.com/wp-admin/admin-ajax.php?_wpnonce=aafa0b8338&action=coauthors_ajax_suggest&post_type=post&q=user1&existing_authors=user66 403

I finally discovered that all errors go away if I whitelist the user’s IP on CF’s firewall.

I already tried using a Page Rule, and that didn’t work.

*site.com/wp-json/*
Disable security
Cache bypass
Disable performance

Any suggestions?

If the Firewall is blocking it, it should show up in Firewall → Overview and expanding the event in the log should show which Firewall setting blocked it.

Well, I found out one of my Firewall rules (created to avoid a search flood attack) is blocking the REST API on the editor.

(http.request.uri.query contains "s=")

So now, how do I block the search flood while not affecting the REST API calls?

Nope…not that (my /s= idea). I think I’ve done this somewhere and need to dig around.


Ah, found it:
(http.request.uri.path eq "/" and http.request.uri.query contains "s=")

Search should only happen from Root Path, so this should work. It may need some logic adjustments, but should point you in the right direction.

EDIT: (removed the NOT so it should match your original rule’s logic)
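Why the original rule caught the editor request, as an added example that is not part of the thread: a Python model of the two expressions quoted above, next to a hypothetical stricter check for a parameter named exactly `s`. Every URL in the list except the admin-ajax one from the first post is constructed.

```python
from urllib.parse import urlsplit, parse_qsl


def original_rule(url):
    """Models: (http.request.uri.query contains "s=")"""
    return "s=" in urlsplit(url).query


def scoped_rule(url):
    """Models: (http.request.uri.path eq "/" and http.request.uri.query contains "s=")"""
    parts = urlsplit(url)
    return parts.path == "/" and "s=" in parts.query


def param_rule(url):
    """Hypothetical stricter check: root path AND a parameter named exactly 's'."""
    parts = urlsplit(url)
    names = {name for name, _ in parse_qsl(parts.query, keep_blank_values=True)}
    return parts.path == "/" and "s" in names


REQUESTS = [
    # From the first post: "existing_authors=" ends in "s=", so a substring test matches.
    "https://www.site.com/wp-admin/admin-ajax.php?_wpnonce=aafa0b8338"
    "&action=coauthors_ajax_suggest&post_type=post&q=user1&existing_authors=user66",
    # Constructed samples below.
    "https://www.site.com/wp-json/wp/v2/posts?categories=3&per_page=10",
    "https://www.site.com/?s=flood-term",
    "https://www.site.com/?ids=5",
    "https://www.site.com/about/?page=2",
]


def evaluate(requests=REQUESTS):
    """Return {url: (original, scoped, param)}; True means the rule would match."""
    return {u: (original_rule(u), scoped_rule(u), param_rule(u)) for u in requests}


if __name__ == "__main__":
    for url, hits in evaluate().items():
        print(hits, url)
```

The `?ids=5` row shows that the path-scoped rule still matches any root-path parameter whose name ends in `s`, which is the kind of logic adjustment the reply leaves open.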


Thanks, I’ll try that.
