• Resolved hiflyman

    (@hiflyman)


    Hi, your advice please on this issue.

    Recently the ecommerce function with NextGEN Gallery is blocked (with the Ninja WordPress REST API Block any access to the API enabled) for public users accessing galleries with ecommerce ordering functionality via a password protected page. Ecommerce functionality works as intended for logged in and admin viewing, and if the functionality is not enabled.

    If restricting access to WordPress API is recommended as part of the security features, is there a workaround or code snippet that can be implemented to allow ecommerce NextGen gallery side bar ecommerce functions to be visible to user galleries hidden behind a password restricted page for non logged in users?

    Also, as there are a few changes in the last few firewall update options and functionality, is there a recommended latest version of the optimal settings guide for WP Edition? Always good to have a refresher. Thanks

    Your comments appreciated

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor bruandet

    (@bruandet)

    Do you know what request is blocked, i.e., which parameters (REST API URI, GET and POST)?
    Maybe you can find them in the firewall log and post the corresponding lines here so that I can have a look at them.

    Thread Starter hiflyman

    (@hiflyman)

    Hi, thanks for replying. Log data examples:

    POST /ndex.php – WordPress: Blocked access to the WP REST API – [/wp-json/nggpro/v1/cart/items]
    GET /index.php – WordPress: Blocked access to the WP REST API – [/wp-json/custom/v1/?doing_wp_cron=1751342498.0515849590301513671875] –
    GET /index.php – WordPress: Blocked access to the WP REST API – [//wp-json/oembed
    POST /index.php – WordPress: Blocked access to the WP REST API – [/wp-json/nggpro/v1/cart/items]
    GET /wp-admin/admin-ajax.php – Blocked access to admin-ajax.php –
    POST /index.php – WordPress: Blocked access to the WP REST API – [/wp-json/nggpro/v1/cart/items]
    POST /wp-admin/admin-ajax.php – Blocked access to admin-ajax.php –

    Plugin Contributor bruandet

    (@bruandet)

    You could try to whitelist the REST API URI (/wp-json/nggpro/v1/cart/items) with the .htninja configuration file: https://blog.nintechnet.com/ninjafirewall-wp-edition-the-htninja-configuration-file/
    The code could be similar to this one:

    <?php
    // Whitelist /wp-json/nggpro/v1/cart/items
    if ( isset( $_SERVER['REQUEST_URI'] ) &&
        $_SERVER['REQUEST_URI'] === '/wp-json/nggpro/v1/cart/items' ) {

        define( 'NFW_UWL', true );
        return 'ALLOW';
    }
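
A stricter variant of the whitelist rule in the reply above, as an added example that is not part of the original post and not NinjaFirewall's or NextGEN's own code: it also requires the POST method seen in the log and still matches if the client appends a query string. The variable `$example_is_cart_request` is hypothetical; `NFW_UWL` and the `'ALLOW'` return value are taken from the reply.

```php
<?php
// Added example for .htninja. A closure is used so nothing is redeclared
// if the file is ever included more than once.
$example_is_cart_request = function ( array $server ) {
    $allowed_path   = '/wp-json/nggpro/v1/cart/items'; // route from the firewall log
    $allowed_method = 'POST';                          // the log shows POST only

    if ( ! isset( $server['REQUEST_URI'], $server['REQUEST_METHOD'] ) ) {
        return false;
    }
    if ( $server['REQUEST_METHOD'] !== $allowed_method ) {
        return false;
    }

    // Drop the query string by hand. parse_url() is avoided because it reads
    // a leading "//" (as in the "//wp-json/oembed" log entry) as a host name
    // and would return only the remainder as the path.
    $path = explode( '?', $server['REQUEST_URI'], 2 )[0];

    // Exact, case-sensitive comparison: no prefix match and no slash
    // collapsing, so "//wp-json/..." or ".../cart/items/x" stay filtered.
    return $path === $allowed_path;
};

if ( $example_is_cart_request( $_SERVER ) ) {
    define( 'NFW_UWL', true );
    return 'ALLOW';
}
```

The other blocked entries in the log (`/wp-json/custom/v1/`, `//wp-json/oembed`, `admin-ajax.php`) are deliberately not matched, so they remain subject to the firewall's rules.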

    Thread Starter hiflyman

    (@hiflyman)

    Thanks, I’ll look into this
