• Resolved dimal

    (@dimalifragis)


    Hi, we have several incidents logged for LOGGED IN users like this:

    HIGH – xxx.xxx.xxx.xxx GET /index.php – User enumeration scan (WP REST API) – [/wp-json/wp/v2/users/me?context=edit&_locale=user]

    because of enumeration protection via REST API. Could that option EXCLUDE logged in users?

    We had to disable that specific option and use another plugin that does exactly that.

    I think this comes from a plugin, wpForo. Not 100% sure.

    Thanks

    • This topic was modified 3 years, 4 months ago by dimal. Reason: typo
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    It’s not possible to exclude logged in users, I’m afraid.

    Thread Starter dimal

    (@dimalifragis)

    Hi,

    Why is that? I have found several snippets that block non-authenticated users. And they seem to work just fine.

    Plugin Author nintechnet

    (@nintechnet)

    It’s possible to do, but it’s not available in NinjaFirewall. We’ll see if we can implement it in a future version.

The topic ‘REST API’ is closed to new replies.
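
A sketch of the kind of snippet mentioned in the thread, added here as an example; it is not NinjaFirewall code and not from any participant. It refuses anonymous requests to the core `/wp/v2/users` routes while letting authenticated requests such as `/wp/v2/users/me?context=edit` through. The file name, the error code `rest_users_forbidden` and the message text are assumptions.

```php
<?php
/**
 * Added example, assumed to be saved as a must-use plugin,
 * e.g. wp-content/mu-plugins/rest-users-guard.php (hypothetical name).
 *
 * Blocks user enumeration through the REST API for anonymous visitors only.
 */
add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    // Another filter already produced a response or an error: keep it.
    if ( null !== $result ) {
        return $result;
    }

    // Only guard the core users routes:
    // /wp/v2/users, /wp/v2/users/<id>, /wp/v2/users/me
    if ( ! preg_match( '#^/wp/v2/users(?:/|$)#', $request->get_route() ) ) {
        return $result;
    }

    // Cookie-authenticated REST requests count as logged in only when they
    // carry a valid nonce, which is what wp-admin and well-behaved plugins
    // send. Those requests are allowed to continue to the normal handler.
    if ( is_user_logged_in() ) {
        return $result;
    }

    // Anonymous request to a users route: answer with 401 and no user data.
    return new WP_Error(
        'rest_users_forbidden',                      // hypothetical error code
        'Authentication is required for this endpoint.',
        array( 'status' => 401 )
    );
}, 10, 3 );
```

This runs inside WordPress after the request has been routed, so a firewall rule that inspects the raw URL earlier in the request will still log the incident unless that rule is disabled, as the thread starter did.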