Can't use REST API or / GraphQL - no response after uploading .htaccess file

[Cyberg Studio AS]

Downloaded the htaccess file, uploaded it to /api folder and renamed it .htaccess - logging into my ACP and hit continue = nada!

Loging out 

...cleaning cookies, browser cache and disable cloudflare. 

Loging in and clearing system caches

Changed the premissions on the API .htaccess file from 644 to 775 - hitting Continue = nothing

Disable root .htaccess and push Continue = nope!

Cheking init.php and the API settings showing me the obvious  'NEXUS_LKEY_API_DISABLE'  => TRUE, 

Manually edit from TRUE to FALSE 

// Commerce license key API settings
                // See https://remoteservices.invisionpower.com/docs/licenseapi
                'NEXUS_LKEY_API_DISABLE'                => FALSE,    
                'NEXUS_LKEY_API_CHECK_IP'                => TRUE,    
                'NEXUS_LKEY_API_ALLOW_IP_OVERRIDE'    => FALSE,

I did got the API menu (forgot to screenshot it) and could brows the tabs but as soon as I hit Continue it went back to the "default" screen as seen below.

...help!

 

[Jim M]

Please ensure that your server has both mod_setenvif and mod_rewrite enabled.

[Cyberg Studio AS]

1 hour ago, Jim M said:

Please ensure that your server has both mod_setenvif and mod_rewrite enabled.

As far as I can see, those two mod's are enabled over at my hostingprovider - I have sendt them an suport ticket too just to clarify this.

 

 

[Cyberg Studio AS]

2 hours ago, Cyberg Studio AS said:

As far as I can see, those two mod's are enabled over at my hostingprovider - I have sendt them an suport ticket too just to clarify this.

 

 

I got a reply from the folks at Namecheap. 

 

Quote

Thank you for replying.

According to our check, both mod_setenvif and mod_rewrite are installed and active on the server in question.

To ensure the proper quality of the investigation, we will need to trigger the error (or the absence of certain elements on a page that should be enabled by the functionality that should be implemented).

For us to do that, please describe the actions it takes to see the consequences of unfunctional modules you try to implement in a list format.

If any login procedures and/or credentials are involved in the process, please share the information.......

...I wish there was an GRTFM option to this. 

[Marc]

Im not sure what else we can do from our point of view here. As mentioned, you would need to work with them to resolve

[Cyberg Studio AS]

13 hours ago, Marc Stridgen said:

Im not sure what else we can do from our point of view here. As mentioned, you would need to work with them to resolve

Is there by any chance that the API functionality are contacting Invision servers for some sort of verification?

[Jim M]

14 minutes ago, Cyberg Studio AS said:

Is there by any chance that the API functionality are contacting Invision servers for some sort of verification?

It does not. 

[Cyberg Studio AS]

Update!

I have found the problem and solved it. 

It was a feature in CloudFlare that apparently conflicted with the API-call settings -- "Super Bot Fight Mode" was enabled and set to: Definitely automated (definitely automated traffic typically consists of bad bots) 

Selected action for this traffic was set to BLOCK. (mistakingly) blocking the access to /api MENU page.

NB!!!  In case you get any of these support requests in the future.

- WAF rules do not override the settings of the Bot Fight Mode, so if you whitelist i.e. Hosting IP or URL/FULL URL it still get's blocked. 

- This feature does not get disabled when "Pause Cloudflare on Site" under Advanced Settings is enabled either.

[Jim M]

Glad to hear you found the issue and thanks for sharing/explaining what you found!