WordPress API Error with CF

What is the name of the domain?

devakesu.com

What is the error message?

The REST API encountered an unexpected result When testing the REST API, an unexpected result was returned: REST API Endpoint: https://www.devakesu.com/wp-json/wp/v2/types/post?context=edit REST API Response: (403) Forbidden Your site could not complete a loopback request Unable to detect the presence of page cache

What is the issue you’re encountering

WordPress REST API Loopback returning 403 with CF

What steps have you taken to resolve the issue?

Turning off Proxying DNS through CF resolves the issue.

What are the steps to reproduce the issue?

The following errors shown up in WordPress Site Health.

May I ask if you’re using a Free or Paid Cloudflare plan type for your domain? :thinking:

I’d suggest you to double-check the Security → Events at Cloudflare dashboard under your Cloudflare account for your zone, or via direct link https://dash.cloudflare.com/?to=/:account/:zone/security/events.

You should be able to see the challenged or blocked event under the Security tab → Events at Cloudflare dashboard for your zone and know exactly which security option was triggered. Could be Managed Rules my best guess, otherwise Bot Fight Mode or Browser Integrity Check.

Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …). If yes, could you share some details which service was triggered that blocked you?

  • you should see your origin host/server IP out there and user-agent like WP-cron or WordPress/version

Just in case if you encouter some issues and/or errors, since it’s related to the WordPress, I’d suggest you to allowlist your origin host / server / hosting IP address by navigating to the Security → WAF → Tools → IP Access Rules with the action “allow” for your Website and try again.

It knows to happen due to the WordPress using HTTP/1.0 and empty user-agent, therefore while executing WP-Cron or some other related JSON/REST API request via plugin which triggers the WAF rules (as it should normally).

This topic was automatically closed after 15 days. New replies are no longer allowed.