My web host WPMU DEV uses a web application firewall to protect the site. This firewall is causing a JSON error when I try to use Toolset. They've suggested that I whitelist all IP addresses Toolset uses to avoid these errors. Do you have a list of these IP addresses?
Hello and thank you for contacting the Toolset support.
Below the IP addresses that you would want to whitelist:
toolset.com
- 13.32.181.20
- 13.32.181.52
- 13.32.181.89
- 13.32.181.110
api.toolset.com
- 54.83.22.52
- 3.211.236.109
- 18.232.246.196
If that's not enough, please let me know what requests are blocked from the firewall or what domain names are targeted?
Hi Jamal,
No, the problem is still happening. Here are the IP's I've had to allow.
13.32.181.89
54.83.22.52
103.87.112.207
2601:602:77f:fee0:c1b9:eeb1:ae9c:1574
13.32.181.110
2601:602:77f:fee0:b52d:aaad:e7f8:d8e1
18.232.246.196
13.32.181.52
2601:602:77f:fee0:244e:aa62:e20f:7881
13.32.181.20
2601:602:77f:fee0:55eb:f216:47c9:1e06
3.211.236.109
Here's the log error I get:
[Tue Mar 2 15:01:32 2021] 2601:602:77f:fee0:c1b9:eeb1:ae9c:1574 POST /wp-json/ToolsetBlocks/Rest/API/v1/ShortcodeRender?_locale=user "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36"
The domain name is: hidden link
Does that help?
Peter
Is this something you can help me with?
Hello Peter. We'll do all that we can to help.
This endpoint is used by the Blocks editor /ToolsetBlocks/Rest/API/v1/ShortcodeRender?_locale=user
And this line does not seem an error to me, it seems like an access log:
[Tue Mar 2 15:01:32 2021] 2601:602:77f:fee0:c1b9:eeb1:ae9c:1574 POST /wp-json/ToolsetBlocks/Rest/API/v1/ShortcodeRender?_locale=user "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36"
Maybe from Apache hidden link
To better assist you, I'd like to ask:
- Where do you see these errors? On a log file? Can you share a screenshot?
- Are you stuck somewhere? For example, are you stuck on the blocks editor and not able to save your design?
Hi Jamal,
Here's a screenshot. This JSON error has popped up repeatedly and on different pages since I installed Toolset. It triggered on these pages:
hidden link
hidden link
Does that help?
Peter
To better assist you with this issue without affecting your live site, please follow the instructions in my private reply(March 5, 2021 at 2:02 pm) to migrate your website into our online platform. This way we can check server-related issues, and also compatibility issues with other components(themes and plugins) of the site without impacting your live users.
Thanks Jamal. The site is migrating now.
Once the migration finishes, please create an administrator user for me and share it in your next message. I'll set it to be private.
I don't seem to be able to log in to the site. I used a masked login area at /wp-mana but it does not seem to be working. Do I need to re-migrate without the masked login area?
I have disabled the wp-defender plugin and created an administrator user programmatically for me. The issue was reproduced, and I noticed that the REST calls were giving 404 errors. I added the following to the top of the .htaccess file and it fixed the issue. I was able to edit both pages. You can try to login and check it on the migrated site:
# BEGIN WordPress
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
https://wordpress.org/support/article/htaccess/
I hope this helps. Let me know if you have any questions.
It seems to work great. Thanks Jamal! Should I just add that code in the .htaccess file on the main site then?
Yes, exactly. Add the following code at the top of the .htaccess file. If it does not work for you, please allow me temporary access to your website, with FTP access too to check this further. ** Make a database backup before sharing credentials. **
