I'm trying to fetch a schedule from a URL by submitting the form values in a POST request. For this purpose, I created a flow in node-red and it worked fine for few weeks. However, now I've started to receive the following security error.
406 Security Incident Detected
406 Security Incident Detected
Your request was blocked. Please try again later.
XrxWwwzlK-WmpFeEbGejEwAAAEo - www.islamiskaforbundet.se - xxx.xxx.xxx.xxx
Interesting thing is, when I put the parameters in a REST development tool (such as Postman or Open RESTED) and post the request, I get the data without any issues.
Below is the CURL request generated from Postman:
curl -X POST \
https://www.islamiskaforbundet.se/wp-content/plugins/bonetider/Bonetider_Widget.php \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'postman-token: eb701a0e-406e-4851-653f-2b7818c7d455' \
-d 'ifis_bonetider_widget_city=G%C3%B6teborg%2C%20SE&ifis_bonetider_widget_date=2020-05-14'
Upon execution, it fails in terminal.
One could say that the server may have learned my IP address and started to block all incoming requests, but then why the same request would work fine in the above mentioned tools' UI but not in CURL or my node-red flow?
Is there anything I'm missing? or how to avoid this security error?
The server at the other end has a number of ways to identify the which client is making the request, but the most likely one is that it is looking at the User Agent string from the client making the request.
e.g. you can make the curl command work by adding the Firefox User Agent header:
curl -X POST https://www.islamiskaforbundet.se/wp-content/plugins/bonetider/Bonetider_Widget.php \
-A "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'ifis_bonetider_widget_city=G%C3%B6teborg%2C%20SE&ifis_bonetider_widget_date=2020-05-14'
(I also removed the postman token)
Also 406 is probably the wrong error for the server to be returning, a better match for the text of the error would be something like 429