• I’ve never had this problem before, and I’ve been running my board for quite a long time.

    The REST API encountered an unexpected result.

    The REST API is one way that WordPress and other applications communicate with the server. For example, the block editor screen relies on the REST API to display and save your posts and pages.

    When testing the REST API, an unexpected result was returned:

    REST API Endpoint: https://www.mypage.com/wp-json/wp/v2/types/post?context=edit

    REST API Response: (403) Forbidden

    I thought it had something to do with Cloudflare, but checking its WAF events, nothing related is shown. I included some exceptions anyway; now I can see in the WAF events that the exceptions are being detected and bypassed, but the problem still remains.

    I also included the code below in .htaccess, as it could be related to that.

    <IfModule mod_security.c>
        SecFilterEngine Off
        SecFilterScanPOST Off
    </IfModule>

    Again, nothing happens.

    I suspect there’s some relation to Super Cache. I was able to capture the REST API log as follows:

    Route: /wp/v2/types/post

    Details

    • Data: 2024-10-14 14:37:12
    • Source: WP REST API
    • Method: GET
    • Status: 403
    • Elapsed Time: 1,064ms
    • Response Length: 218
    • User: [email protected]
    • IP Address: 108.179.241.216
    • HTTP X Forwarded For: 108.179.241.216

    Request Headers

    {
        "accept": "*\/*",
        "accept_encoding": "gzip, br",

        “cookie”: “wordpress_sec_37089e948114772cc1bb739d6ecddc81=kundalini@institutokundalini.com|1729099674|XXaMc1Zpx5z804wWbbDT1w0nqk8IpcrzCOMFC4aQccO|8c5faf78d96264d7ebb170233088d83e9a90ac87bac81ab9c956e6a0a918a075; sbjs_migrations=1418474375998=1; sbjs_first_add=fd=2024-09-13 14:11:58|||ep=https:\/\/institutokundalini.com.br\/|||rf=(none); sbjs_first=typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none); wordpress_test_cookie=WP Cookie check; wp_lang=pt_BR; sbjs_current_add=fd=2024-10-07 16:50:05|||ep=https:\/\/institutokundalini.com.br\/|||rf=https:\/\/cliente.hostgator.com.br\/; sbjs_current=typ=referral|||src=cliente.hostgator.com.br|||mdm=referral|||cmp=(none)|||cnt=\/|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none); _ga_5XGGEG9JBX=GS1.1.1728649915.8.0.1728649931.0.0.0; _ga=GA1.3.483934548.1724333665; mp_2cca34424fe0e8ad6897d354b9591c45_mixpanel={“distinct_id”: “34635d97-d674-4134-befd-955731e0db13″,”$device_id”: “1927bafa481d9f-03e834bd928a1f-26001051-100200-1927bafa481d9f”,”$initial_referrer”: “https:\/\/webmail.institutokundalini.com.br\/”,”$initial_referring_domain”: “webmail.institutokundalini.com.br”,”$current_url”: “\/webmail\/jupiter\/mail\/clientconf.html”,”$user_id”: “34635d97-d674-4134-befd-955731e0db13″,”product_version”: “110.0.42”,”ACCOUNT_AGE”: 147,”UUID_ADDED_AT_ACCOUNT_CREATION”: “1”,”server_current_license_kind”: “STANDARD”,”product_trial_status”: “false“,”server_main_ip_is_private”: 0,”analytics_distribution”: “ULC”,”INITIAL_SERVER_ENV_TYPE”: “kvm”,”server_main_ip”: “108.179.241.214”,”server_operating_system”: “CentOS v7.9.2009″,”TRANSFERRED_OR_RESTORED”: “1”,”INITIAL_SERVER_LICENSE_TYPE”: “0”,”UUID”: “34635d97-d674-4134-befd-955731e0db13″,”product_interface”: “Webmail”,”product_locale”: “pt_br”,”company_id”: [“,

        "host": "institutokundalini.com.br",
        "user_agent": "WordPress\/6.6.2; https:\/\/institutokundalini.com.br",
        "cache_control": "no-cache",
        "cdn_loop": "cloudflare; loops=1",
        "cf_ipcountry": "US",
        "cf_ray": "8d2955f928606766-ATL",
        "x_forwarded_proto": "https",
        "cf_visitor": "{\"scheme\":\"https\"}",
        "x_wp_nonce": "6e8ab3cccd",
        "cf_connecting_ip": "108.179.241.216",
        "x_https": "1",
        "x_forwarded_for": "108.179.241.216"
    }

    Query Parameters

    {
        "context": "edit"
    }

    Body Parameters

     []

    Response Headers

    {
        "cf-edge-cache": "no-cache",
        "Set-Cookie": "wfwaf-authcookie-94a4060502e8b9c5eff238f183c1109a=3%7Cadministrator%7Cmanage_options%2Cunfiltered_html%2Cedit_others_posts%2Cupload_files%2Cpublish_posts%2Cedit_posts%2Cread%7C677cbfff33838f60cd7cc93cab80026bf64a3180304bf5a4bd63b9fab5eceda7; expires=Tue, 15 Oct 2024 05:37:11 GMT; Max-Age=43200; path=\/; secure; HttpOnly",
        "Content-Type": "application\/json; charset=UTF-8",
        "X-Robots-Tag": "noindex",
        "Link": "<https:\/\/institutokundalini.com.br\/wp-json\/>; rel=\"https:\/\/api.w.org\/\"",
        "X-Content-Type-Options": "nosniff",
        "Access-Control-Expose-Headers": "X-WP-Total, X-WP-TotalPages, Link",
        "Access-Control-Allow-Headers": "Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type",
        "Cache-Control": "no-store, no-cache, must-revalidate, max-age=0",
        "X-WP-CF-Super-Cache-Cache-Control": "no-store, no-cache, must-revalidate, max-age=0",
        "X-WP-CF-Super-Cache": "no-cache",
        "Pragma": "no-cache",
        "Expires": "Mon, 14 Oct 2024 17:37:12 GMT"
    }

    Response Body

    {
        "data": {
            "code": "rest_cookie_invalid_nonce",
            "message": "A verifica\u00e7\u00e3o cookie falhou",
            "data": {
                "status": 403
            }
        },
        "headers": [],
        "status": 403
    }

    Any idea why the cookie check is not passing validation?
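
The logged response body carries the WordPress REST error code `rest_cookie_invalid_nonce`, so this 403 was generated by WordPress's own nonce check and not by a WAF block page. As an added example (not part of the original post), the Python helper below classifies a logged 403 by its body; the function names, result labels and sample bodies are constructed for illustration, and the "upstream" verdict is a heuristic.

```python
import json

# Constructed sample bodies (modelled on the log format in the post, not copied from it).
LOGGED = ('{"data": {"code": "rest_cookie_invalid_nonce", '
          '"message": "Cookie check failed", "data": {"status": 403}}, '
          '"headers": [], "status": 403}')           # logger-wrapped form
RAW = ('{"code": "rest_cookie_invalid_nonce", '
       '"message": "Cookie check failed", "data": {"status": 403}}')
BLOCK_PAGE = "<html><body><h1>403 Forbidden</h1></body></html>"


def rest_error_code(body_text):
    """Return the WordPress REST error code found in a response body, or None."""
    try:
        doc = json.loads(body_text)
    except (TypeError, ValueError):
        return None                                   # HTML block page, empty body, ...
    # The REST logger wraps the error as {"data": {...}, "headers": [], "status": 403}.
    if isinstance(doc, dict) and isinstance(doc.get("data"), dict) and "code" in doc["data"]:
        doc = doc["data"]
    code = doc.get("code") if isinstance(doc, dict) else None
    return code if isinstance(code, str) else None


def classify_403(status, body_text):
    """Name the layer that most likely produced a 403 (labels are hypothetical)."""
    if status != 403:
        return ("not-a-403", None)
    code = rest_error_code(body_text)
    if code == "rest_cookie_invalid_nonce":
        # WordPress accepted the request but the X-WP-Nonce did not validate.
        return ("wordpress-nonce-check", code)
    if code and code.startswith("rest_"):
        return ("wordpress-rest", code)               # another REST-layer refusal
    # No REST error code in the body: assume a layer in front of WordPress answered.
    return ("upstream-or-unknown", code)


if __name__ == "__main__":
    for name, body in (("logged", LOGGED), ("raw", RAW), ("html", BLOCK_PAGE)):
        print(name, classify_403(403, body))
```

A `wordpress-nonce-check` result means the request reached WordPress, so the investigation belongs with the nonce and login-cookie pairing, and WAF or mod_security rules can stay enabled.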
