I discovered the issue in my case to be the hackrepair.com feature. Basically it blacklists some of the most common user agent strings associated with bots used to hack websites. It also blocks any requests with an empty user agent string. I simply added a custom user agent string to my posts and now they go through as expected.
Alternatively you could just disable this feature in iThemes security settings. There is also a method to disable the empty user agent string in the .htaccess file (quick google search can find it). Unless you know what you are doing, I strongly discourage modifying the .htaccess file on your web server.
