lechon

@embedplus

Hello,

The “No Cookie” option working OK with “Hide Related Videos” still would be a fantastic feature to have.

The issue here is that we are trying to “Hide Related Videos”, but the way it’s right now you have to have the Cookie option enabled, this actually defeats the purpose of “Hide Related Videos” on most videos, because now you have those little boxes or “Video Overlays” showing related videos in a different way.

I was hoping that in the last update of the Pro version that maybe the no cookie feature working ok with “Hide Related Videos” would have been implemented, this would “Hide Related Videos” including “Video Overlays” and hide other annoying YouTube features like YouTube’s “Share”, and “Watch Later” . The idea here is to try to keep our users on the site as long as possible reducing the bounce rate.

I hope you are still working on developing this feature, it’s incredibly beneficial to those using your plugin.

If for some reason you happen to have a “hot fix” with a code that we could just temporarily drop maybe on our functions.php file until the next update, this would be fantastic.

Again thanks for developing this plugin and for keeping it up to date.

Best regards,

@qtwrk

Hi,

Thanks for that information. We finally got it to work!

Thanks for all your help.

Cheers!

@qtwrk

We can Not make it work without listing the LiteSpeed IPs. We tried so many different combinations but nothing seems to work. This is that last code we tried not using IPs:

//Restricts REST API Access With LiteSpeed Cache Modification
add_filter( ‘rest_authentication_errors’, function( $result ) {
if ( ! empty( $result ) ) {
return $result;
}
if ( ! is_user_logged_in() && ( ! defined( ‘LSCWP_V’ ) || ! apply_filters( ‘litespeed_is_from_cloud’, false ) ) ) {
return new WP_Error( ‘rest_not_logged_in’, ‘You do not have sufficient permission to access this endpoint. Access to REST API requests is restricted.’,
array( ‘status’ => 401 ) );
}
return $result;
});

This is the error we get:
Cloud Error: Please try after 3m 5s for service?img_optm-new_req.

Best regards,

@qtwrk

Hi,

Sorry for the confusion.

This is the code we implemented on our staging site and it seems to work OK on our end. Please take a look at and let us know if this code would cause any other conflicts with LiteSpeed.

//Restricts REST API Access With LiteSpeed Cache Modification
add_filter( ‘rest_authentication_errors’, function( $result ) {
if ( ! empty( $result ) ) {
return $result;
}
$allowedAddress = array( ‘54.252.210.186’,’35.178.212.86′,’13.233.85.71′,’37.120.131.40′,’5.134.119.194′,’165.227.116.222′,’92.38.139.226′,’213.159.1.75′,’197.189.253.162′,’185.149.235.173′,’184.73.187.186′,’44.233.72.214′,’52.59.41.24′,’18.179.116.177′,’34.226.106.116′,’31.22.115.186′,’199.59.247.242′,’146.88.239.197′,’185.25.204.8′,’79.172.239.249′,’92.38.132.176′,’5.196.169.11′,’31.220.21.249′,’38.129.107.18′,’49.12.102.29′,’51.68.231.18′,’51.222.28.21′,’64.227.16.93′,’64.227.37.171′,’94.75.232.90′,’142.93.158.152′,’157.230.17.241′,’161.35.28.150′,’167.99.75.70′,’185.53.57.89′,’185.53.57.94′,’185.53.57.240′,’185.53.57.254′,’188.166.12.178′,’192.99.38.117′,’212.162.151.34′,’213.184.87.74′,’213.184.87.75′,’18.188.223.222′,’3.122.18.67′ );
$requestServer = $_SERVER[‘REMOTE_ADDR’];

if( ! in_array( $requestServer, $allowedAddress ) )
if ( ! is_user_logged_in() ) {
return new WP_Error( ‘rest_not_logged_in’, ‘You do not have sufficient permission to access this endpoint. Access to REST API requests is restricted.’,
array( ‘status’ => 401 ) );
}
return $result;
});

Best regards,

Hello @qtwrk

We updated to Version 3.2.3.2 on our Test server and implemented a code that would work for our server.

It did work, and image optimization seems to be working OK.

Because this is a code we made up from 3 different sources we wanted to make sure that it’s all good with LiteSpeed.

How can I post this code here for you to review?

Best regards,

Hello @qtwrk

We updated to Version 3.2.3.1 on our test server and implanted the code as you have suggested.

It did work, but we had to disable it because it virtually gives access to everyone to REST API information defeating the purpose of the initial code.

It’s not white listing LiteSpeed in a sense, it just disables completely the original REST API restrictions.

This is the code we tested per your suggestion:

//Restricts REST API Access
add_filter( ‘rest_authentication_errors’, function( $result ) {
if ( ! empty( $result ) ) {
return $result;
}
if ( ! is_user_logged_in() && ( ! defined( ‘LSCWP_V’ ) || ! apply_filters( ‘litespeed_is_from_cloud’, false ) ) ) {
return new WP_Error( ‘rest_not_logged_in’, ‘You do not have sufficient permission to access this endpoint. Access to REST API requests is restricted.’,
array( ‘status’ => 401 ) );
}
return $result;
});

Best regards,

@qtwrk

Hello,

Thanks for the information and feedback.

I am going to wait for the new release just to make things simple on my end and I will make sure to add the new modified code that you have suggested here after the update

Many thanks for developing a solution to this.

Best regards,

@qtwrk

Hi,

That is correct. Redirection plugin has been working for the past 2 years with the code above.

Best regards,

@qtwrk

Hello,

We were able to make it work using the format suggested here:
https://www.ads-software.com/support/topic/restrict-rest-api-access-2/

But in the process it breaks other plugins that uses REST API in a different way than LiteSpeed does, like for example the plugin “Redirection”, it completely breaks it.

So we are back to square 1. We don’t have image optimization.

We were so happy with version 2.9 of this plugin everything worked from the get go.
You would think that with the enterprise version of the LiteSpeed Server that we have these REST API calls could run in the background as a core function, but I guess this is not how it all works.

Best regards,

I am still testing, I have not managed to work yet.

If we can’t get it to work, we might give up on the image optimization. The Security of REST API is too important for us.

Best regards,

@qtwrk

Thanks for the explanation.

Let me give it a try and see how it goes.

Best regards

@qtwrk

Thanks for the information. Let me look into this and see how it goes.

Regarding your IP list. Do I need to use every single IP? the reason I am asking is because I ran your IPs trough an IP abuse database and it flagged some of the IPs.

https://www.abuseipdb.com/check/185.149.235.173
https://www.abuseipdb.com/check/199.59.247.242
https://www.abuseipdb.com/check/94.75.232.90
https://www.abuseipdb.com/check/212.162.151.34
https://www.abuseipdb.com/check/18.188.223.222

Best regards,

@lucasrolff

Thanks for the feedback.

For security reasons we have the following code on our site:

//Restricts REST API Access
add_filter( ‘rest_authentication_errors’, function( $result ) {
if ( ! empty( $result ) ) {
return $result;
}
if ( ! is_user_logged_in() ) {
return new WP_Error( ‘rest_not_logged_in’, ‘You do not have sufficient permission to access this endpoint. Access to REST API requests is restricted.’,
array( ‘status’ => 401 ) )

Our site gets viciously attack on a daily basis via REST API.

Under LiteSpeed V 2.9 Restricting API was not at issue at all, including image optimization.

Is there a way to “Whitelist” the REST API calls from LiteSpeed That we can implement in our code shown above?

Giving everyone access to REST API is not a solution for us.

Best regards,

@qtwrk

Hi,

Base on the report you saw and our configuration what should the Cache-Control: public, max-age should be?

I see on Cloudflare we have Browser Cache TTL at 1 year (this was the setting recommended by WP Rocket when we were using that plugin). But then again we purge all caches often when we make updates to the site.

Regards,

@qtwrk

It looks like they are reducing in number, there are less 404s in the past hour. Maybe Apple devices using Safari have a more aggressive cache and it will take time before they disappear.

I did not see your IP on my error logs.

I think I am going to give it a couple of days to see if the 404s are reducing in numbers and not increasing.

Best Regards,