provide blocking pages with correct statuses

Resolved hirejordansmith
(@hirejordansmith)

5 months, 1 week ago

I got this feedback from my hosting provider related to an issue with how CleanTalk Security is handling errors, can you please review and update the plugin so this issue does not happen anymore?

======

Jordan, I see the problem here with plugin itself.
I’ve logged in and blocked my IP and then when I opened your website I’ve got blocking page – the problem here is that your website (or plugin security-malware-firewall) returns blocking page with Status 200 OK which is incorrect.

All blocking pages should be returned with 403 Status code – Permission denied, or 429 or some kind another status.
These statuses are not cached by our system.

Status 200 means okay and become cached.
So this is how the plugin works.

So my recommendation here is contact with plugin’s dev team and ask them to provide blocking pages with correct statuses – for example 403 which will not be cached by our system and only blocked user will get it,

Also as a solution for blocked visitors they can return http header below on blocking pages:
cache-control: no-store, no-cache, must-revalidate
but the correct solution is return correct status code for blocked visitors

Viewing 8 replies - 1 through 8 (of 8 total)

Plugin Support amagsumov
(@amagsumov)

5 months, 1 week ago

Hello @hirejordansmith,

We have checked the responses from our blocking pages and can confirm that they return a 403 error code. Could you please ask your hosting provider to provide more details regarding where they are seeing a 200 code?

Thank you.

Thread Starter hirejordansmith
(@hirejordansmith)

5 months, 1 week ago

Please see screenshot > https://www.dropbox.com/scl/fi/z9scthb5quvfwgbv5qg8w/Screenshot-2025-12-30-at-8.52.08-AM.png?rlkey=xh1xzsmb8byn4eghnqy9ir596&dl=0

That page should respond with a 403 status code.

However, based on that screenshot, it shows a 200 status code.

Plugin Support sergecleantalk
(@sergecleantalk)

5 months, 1 week ago

Thank you for the additional details. I will ask our developers about this. We will get back to you within the next few days.

Plugin Support amagsumov
(@amagsumov)

5 months, 1 week ago

Hello @hirejordansmith,

We were unable to reproduce the issue in our environment. The issue on your site is likely caused by your cache, where the blocking pages themselves are being cached.

Please deactivate the site’s cache and check the response of the blocking page again. If it still returns a 200 code while the cache is disabled, please let us know.

Thank you.

Thread Starter hirejordansmith
(@hirejordansmith)

5 months ago

Hmm I see 403 now on that page but previously it was 200 as per my screenshot. I’m not sure what changed or this is how this plugin works with Blocking pages…

See screenshot > https://www.dropbox.com/scl/fi/z03rh6gcnqjt7n7bfv5vy/Screenshot-2026-01-07-at-3.32.15-AM.png?rlkey=za3w7tjyorc2nqibb0cy5jf3m&dl=0

vadimcleantalk
(@usr1)

5 months ago

Hello @hirejordansmith

Thank you for the clarification and for the screenshot. We’ll review the details and get back to you with an update within 1–3 business days.

vadimcleantalk
(@usr1)

5 months ago

Hello @hirejordansmith

Thank you for your patience — everything looks correct now.

403 is not a server error. It is an HTTP response status code that indicates the requested content is forbidden for the current visitor. This is the expected and correct behavior for blocking pages.

If you notice anything unusual again, please let us know and we’ll be happy to take another look.

Plugin Support sergecleantalk
(@sergecleantalk)

4 months, 3 weeks ago

Hello.
We haven’t heard back from you in a few days, so I’m going to mark this topic as “resolved”.
If you have any further questions, you can start a new topic or contact us via our private Ticket System: https://cleantalk.org/my/support/open.

Viewing 8 replies - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.