Litespeed Cache and NinjaFirewall : Failed to post via WordPress: “no auth_key

  • Resolved barnez

    (@pidengmor)


    5 years, 9 months ago

    For anyone else experiencing the same issue:

    Every few weeks I was finding the following error in my admin dashboard after logging in:

    
Failed to post via WordPress: "hash does not match: ClientCB[<!DOCTYPE HTML PUBLIC "-\/\/IETF\/\/DTD HTML 2.0\/\/EN">
<html><head><title>NinjaFirewall: 403 Forbidden<\/title><style>body{font-family:sans-serif;font-size:13px;color:#000;}<\/style><meta http-equiv="Content-Type" content="text\/html; charset=utf-8"><\/head><body bgcolor="white"><br \/><br \/><br \/><br \/><center>Sorry <b>206.189.100.139<\/b>, your request cannot be proceeded.<br \/>For security reason, it was blocked and logged.<br \/><br \/><img title="NinjaFirewall" src="https:\/\/www.xxxx.com\/wp-content\/plugins\/ninjafirewall\/images\/ninjafirewall_75.png" width="75" height="75"><br \/><br \/>If you think that was a mistake, please contact the<br \/>webmaster and enclose the following incident ID:<br \/><br \/>[ <b>#6464297<\/b> ]<\/center><\/body><\/html>] Server[c02QAieSMG1kDxmG]"
    
Failed to post via WordPress: "no auth_key"

    After troubleshooting it seems that the LiteSpeed Cache plugin will make calls to their external server, so their server’s IPs need to be whitelisted by NinjaFirewall:

    
142.93.112.87 
68.183.55.115
178.128.152.109
206.189.203.203
68.183.60.185
206.189.100.139
128.199.57.119
159.89.13.42
165.227.131.98
45.76.44.137
68.183.4.220
68.183.180.19
178.128.100.105
139.59.59.66
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Do you have any NinjaFirewall log line(s) to show why the request was blocked?

    Thread Starter barnez

    (@pidengmor)

    It looks like these log line(s) from 206.189.100.139, although the last part of the IP4 address has been anonymised because of the privacy settings:

    
10/Jan/19 22:19:34  #7438992  MEDIUM       -  206.189.100.xxx  POST /index.php - POST method without Referer header - [POST] - www.xxxxx.com
21/Jan/19 05:54:20  #6464297  MEDIUM       -  206.189.100.xxx  POST /index.php - POST method without Referer header - [POST] - www.xxxxx.com
31/Jan/19 22:10:44  #6287897  MEDIUM       -  206.189.100.xxx  POST /index.php - POST method without Referer header - [POST] - www.xxxxx.com
    Plugin Author nintechnet

    (@nintechnet)

    You have enabled the “Block POST requests that do not have an HTTP_REFERER header” policy, hence it is blocked because most scripts or applications won’t send an HTTP_REFERER when submitting a POST request.

    Thread Starter barnez

    (@pidengmor)

    I see. I have reverted back to the default (No) for that option. Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Litespeed Cache and NinjaFirewall : Failed to post via WordPress: “no auth_key’ is closed to new replies.