hectordemo
New Member
- Messages
- 1
- Reaction score
- 0
- Points
- 1
Hi I got a api, an sudenly since yesterday start to get cors requests...
I dig into my code to do changes on the api and even allow everything to not reach this the cors, but without success... (tried even forcing correct headers from app, and trying forcing headers from .htaccess)
Doing more diggin i found out that now the server has this Imunify360 protection or more strick protection since yesterday...
So this make api request to fail and maybe lose some headers to make cors works,
Doing the request sometimes response as:
content-type: text/html
And sometims as;
HTTP/2 200 OK
server: openresty/1.27.1.1
date: Fri, 25 Jul 2025 19:03:36 GMT
content-type: application/json
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-edge-cache: no-cache
content-length: 107
x-http2-stream-id: 3
{
"message": "Access denied by Imunify360 bot-protection. IPs used for automation should be whitelisted"
}
I found Imunify360 panel, but we cant add ips o configere anything at all
......
In the time I wrote this post, now api is working again... xD
I will keep this as a doc
But what should/could do when we get blocked by this firewall?
Do we have options for this whitelist?
Do you recommend adding country ip blocking by country via .htacees (if applies)? <- does this helps to reduce work on Imunify360?
I dig into my code to do changes on the api and even allow everything to not reach this the cors, but without success... (tried even forcing correct headers from app, and trying forcing headers from .htaccess)
Doing more diggin i found out that now the server has this Imunify360 protection or more strick protection since yesterday...
So this make api request to fail and maybe lose some headers to make cors works,
Doing the request sometimes response as:
content-type: text/html
And sometims as;
HTTP/2 200 OK
server: openresty/1.27.1.1
date: Fri, 25 Jul 2025 19:03:36 GMT
content-type: application/json
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-edge-cache: no-cache
content-length: 107
x-http2-stream-id: 3
{
"message": "Access denied by Imunify360 bot-protection. IPs used for automation should be whitelisted"
}
I found Imunify360 panel, but we cant add ips o configere anything at all
......
In the time I wrote this post, now api is working again... xD
I will keep this as a doc
But what should/could do when we get blocked by this firewall?
Do we have options for this whitelist?
Do you recommend adding country ip blocking by country via .htacees (if applies)? <- does this helps to reduce work on Imunify360?