Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Api Page Not Found... Rate Topic   - - - - -

 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 10838 posts

Posted 08 January 2018 - 10:48 PM #1

Went to implement a new entity for an addon but finding during testing that the api is always returning page not found.

I.e. doing:

curl --user [MY ADMIN USER EMAIL]:[MY API KEY] -X GET https://[SITE].com/api/products/12

always generates a 404 page not found page.  But doing

url --user [MY ADMIN USER EMAIL]:[MY API KEY] -X GET https://[SITE].com

will return the homepage of the site but anything with /api will return page not found.

 

Assuming this is something simple in config but not sure what and would appreciate any pointers.

 

And yes, the user is enabled for API and I cut/pasted the API key.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 10838 posts

Posted 27 January 2018 - 12:54 AM #2

Okay, after many back and forth's with helpdesk (normal 1 message per day) and my hosting company, the answer for this problem is:

 

helpdesk - mod_security is causing the problem but they can't tell me which rule to disable and recommend disabling modsecurity entirely.  But it cost me 20 support credits.

 

My hosting - identified the rule as 990011 which has to do with an issue of the user-agent of the request (assuming because this is done via command line).  It took my hosting 3 days to figure out where to disable the rule for easy-apache 4.  And of course, they disable it for the engine and not on a site-by-site basis.

 

Seems like there should be a way to disable the rule by adding something like:

SecRuleRemoveById  990011

in the .htaccess file rather than having to comment out the rule in the 01_base_rules.conf file located in the /etc/apache2/conf.d/imh-modsec directory!!

 

If someone knows how to do this via .htaccess, please advise and you'd be a God in my eyes!

 

Still unclear why it's generating a 404 given the rule says it should generate a 406 (all modsecurity rules are supposed to generate 406).


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • The Tool
  • Been Here Way Too Long Member
  • Members
  • Join Date: 30-Mar 07
  • 3654 posts

Posted 07 April 2018 - 01:56 AM #3

Hey Tony.  I was just searching around to see how safe it was to use modsecurity with CSC and came across this post.  I don't know if you figured it out or not but you can use ConfigServer ModSecurity Control (cmc) to disable rules for individual accounts instead of globally.



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 10838 posts

Posted 07 April 2018 - 09:33 PM #4

Generally, that's probably true.  My hosting has their own instance of the rules setup so it makes it more difficult.  I just did it globally since 9 out of 10 of my sites run some instance of cs-cart and most of them are development or test sites.  But do appreciate the pointer.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • bazzaretta
  • Junior Member
  • Members
  • Join Date: 12-May 06
  • 12 posts

Posted 04 September 2018 - 06:13 AM #5

If you're on CPanel, check the api.php file permission - it should be 755 (no group write). Hope this helps someone!