Cyberg Studio AS Posted May 25, 2023 Posted May 25, 2023 Downloaded the htaccess file, uploaded it to /api folder and renamed it .htaccess - logging into my ACP and hit continue = nada! Loging out ...cleaning cookies, browser cache and disable cloudflare. Loging in and clearing system caches Changed the premissions on the API .htaccess file from 644 to 775 - hitting Continue = nothing Disable root .htaccess and push Continue = nope! Cheking init.php and the API settings showing me the obvious 'NEXUS_LKEY_API_DISABLE' => TRUE, Manually edit from TRUE to FALSE // Commerce license key API settings // See https://remoteservices.invisionpower.com/docs/licenseapi 'NEXUS_LKEY_API_DISABLE' => FALSE, 'NEXUS_LKEY_API_CHECK_IP' => TRUE, 'NEXUS_LKEY_API_ALLOW_IP_OVERRIDE' => FALSE, I did got the API menu (forgot to screenshot it) and could brows the tabs but as soon as I hit Continue it went back to the "default" screen as seen below. ...help!
Jim M Posted May 25, 2023 Posted May 25, 2023 Please ensure that your server has both mod_setenvif and mod_rewrite enabled.
Cyberg Studio AS Posted May 25, 2023 Author Posted May 25, 2023 1 hour ago, Jim M said: Please ensure that your server has both mod_setenvif and mod_rewrite enabled. As far as I can see, those two mod's are enabled over at my hostingprovider - I have sendt them an suport ticket too just to clarify this.
Cyberg Studio AS Posted May 26, 2023 Author Posted May 26, 2023 2 hours ago, Cyberg Studio AS said: As far as I can see, those two mod's are enabled over at my hostingprovider - I have sendt them an suport ticket too just to clarify this. I got a reply from the folks at Namecheap. Quote Thank you for replying.According to our check, both mod_setenvif and mod_rewrite are installed and active on the server in question.To ensure the proper quality of the investigation, we will need to trigger the error (or the absence of certain elements on a page that should be enabled by the functionality that should be implemented).For us to do that, please describe the actions it takes to see the consequences of unfunctional modules you try to implement in a list format.If any login procedures and/or credentials are involved in the process, please share the information....... ...I wish there was an GRTFM option to this.
Marc Posted May 26, 2023 Posted May 26, 2023 Im not sure what else we can do from our point of view here. As mentioned, you would need to work with them to resolve
Cyberg Studio AS Posted May 26, 2023 Author Posted May 26, 2023 13 hours ago, Marc Stridgen said: Im not sure what else we can do from our point of view here. As mentioned, you would need to work with them to resolve Is there by any chance that the API functionality are contacting Invision servers for some sort of verification?
Jim M Posted May 26, 2023 Posted May 26, 2023 14 minutes ago, Cyberg Studio AS said: Is there by any chance that the API functionality are contacting Invision servers for some sort of verification? It does not. Cyberg Studio AS 1
Cyberg Studio AS Posted May 27, 2023 Author Posted May 27, 2023 This post was recognized by Jim M! "Thanks for following up with what you found!" Cyberg Studio AS was awarded the badge 'Helpful' and 3 points. Update! I have found the problem and solved it. It was a feature in CloudFlare that apparently conflicted with the API-call settings -- "Super Bot Fight Mode" was enabled and set to: Definitely automated (definitely automated traffic typically consists of bad bots) Selected action for this traffic was set to BLOCK. (mistakingly) blocking the access to /api MENU page. NB!!! In case you get any of these support requests in the future. - WAF rules do not override the settings of the Bot Fight Mode, so if you whitelist i.e. Hosting IP or URL/FULL URL it still get's blocked. - This feature does not get disabled when "Pause Cloudflare on Site" under Advanced Settings is enabled either. Jim M 1
Jim M Posted May 27, 2023 Posted May 27, 2023 Glad to hear you found the issue and thanks for sharing/explaining what you found! Cyberg Studio AS 1
Recommended Posts