FraudClient API error

A

akok

New member
When trying to interact with a mod for xenforo I get an error

Code: 
GuzzleHttp\Exception\ClientException: FraudClient API error: Client error: `POST https://fraudclient.com/api.php?action=search_client_reports` resulted in a `403 Forbidden` response: <!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/htm (truncated...) src/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113
 
Solution
F
I have completely disabled and paused CF. Please check again.

If that solves it, I'll leave CF off for now until I dive more into the settings to make sure outside connections are exempt to the API.
Sort by date Sort by votes
akok said:
Correct, the api has been received and added to the plugin settings


That's also true. Judging by the answer, the blocking is happening at the cludflare check level.
Click to expand...
Let me check into it real quick. We recently just enabled CF.

Edit: I am able to connect to API from this forum using the addon as well as USHost247 is able to connect to API via the WHMCS module, but I am looking into the CF settings.

Edit2: @akok , I have added /api.php to an exception on WAF CF rules. Please check again.
 
Last edited:
Upvote 0 Downvote
Nothing has changed.
API error. Please try again.
Click to expand...
I'm not sure, but does the mod pass the API key?

Code: 
GuzzleHttp\Exception\ClientException: FraudClient API error: Client error: `POST https://fraudclient.com/api.php?action=search_client_reports` resulted in a `403 Forbidden` response: <!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/htm (truncated...) src/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113
Сгенерирована пользователем: akok 30 Авг 2025 в 20:29
Трассировка стека
#0 src/vendor/guzzlehttp/guzzle/src/Middleware.php(72): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response), NULL, Array, NULL)
#1 src/vendor/guzzlehttp/promises/src/Promise.php(209): GuzzleHttp\Middleware::{closure:{closure:{closure:GuzzleHttp\Middleware::httpErrors():60}:61}:67}(Object(GuzzleHttp\Psr7\Response))
#2 src/vendor/guzzlehttp/promises/src/Promise.php(158): GuzzleHttp\Promise\Promise::callHandler(1, Object(GuzzleHttp\Psr7\Response), NULL)
#3 src/vendor/guzzlehttp/promises/src/TaskQueue.php(52): GuzzleHttp\Promise\Promise::{closure:GuzzleHttp\Promise\Promise::settle():156}()
#4 src/vendor/guzzlehttp/promises/src/Promise.php(251): GuzzleHttp\Promise\TaskQueue->run(true)
#5 src/vendor/guzzlehttp/promises/src/Promise.php(227): GuzzleHttp\Promise\Promise->invokeWaitFn()
#6 src/vendor/guzzlehttp/promises/src/Promise.php(272): GuzzleHttp\Promise\Promise->waitIfPending()
#7 src/vendor/guzzlehttp/promises/src/Promise.php(229): GuzzleHttp\Promise\Promise->invokeWaitList()
#8 src/vendor/guzzlehttp/promises/src/Promise.php(69): GuzzleHttp\Promise\Promise->waitIfPending()
#9 src/vendor/guzzlehttp/guzzle/src/Client.php(189): GuzzleHttp\Promise\Promise->wait()
#10 src/vendor/guzzlehttp/guzzle/src/ClientTrait.php(95): GuzzleHttp\Client->request('POST', 'https://fraudcl...', Array)
#11 src/addons/FraudClient/ReportSpam/Repository/FraudClient.php(36): GuzzleHttp\Client->post('https://fraudcl...', Array)
#12 src/addons/FraudClient/ReportSpam/ControllerPlugin/ReportFraudClient.php(101): FraudClient\ReportSpam\Repository\FraudClient->checkUser(Object(SV\SignupAbuseBlocking\XF\Entity\User))
#13 src/addons/FraudClient/ReportSpam/XF/Pub/Controller/Member.php(37): FraudClient\ReportSpam\ControllerPlugin\ReportFraudClient->actionCheck(Object(SV\SignupAbuseBlocking\XF\Entity\User))
#14 src/XF/Mvc/Dispatcher.php(362): FraudClient\ReportSpam\XF\Pub\Controller\Member->actionCheckFraudClient(Object(XF\Mvc\ParameterBag))
#15 src/XF/Mvc/Dispatcher.php(264): XF\Mvc\Dispatcher->dispatchClass('XF:Member', 'CheckFraudClien...', Object(XF\Mvc\RouteMatch), Object(SV\SignupAbuseBlocking\XF\Pub\Controller\Member), NULL)
#16 src/XF/Mvc/Dispatcher.php(121): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(SV\SignupAbuseBlocking\XF\Pub\Controller\Member), NULL)
#17 src/XF/Mvc/Dispatcher.php(63): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#18 src/XF/App.php(2824): XF\Mvc\Dispatcher->run()
#19 src/XF.php(806): XF\App->run()
#20 index.php(23): XF::runApp('XF\\Pub\\App')
#21 {main}

Another idea, if you use CloudFlare, is there no blocking/restriction for Hetzner hosting?
 
Upvote 0 Downvote
akok said:
Nothing has changed.

I'm not sure, but does the mod pass the API key?

Code: 
GuzzleHttp\Exception\ClientException: FraudClient API error: Client error: `POST https://fraudclient.com/api.php?action=search_client_reports` resulted in a `403 Forbidden` response: <!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/htm (truncated...) src/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113
Сгенерирована пользователем: akok 30 Авг 2025 в 20:29
Трассировка стека
#0 src/vendor/guzzlehttp/guzzle/src/Middleware.php(72): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response), NULL, Array, NULL)
#1 src/vendor/guzzlehttp/promises/src/Promise.php(209): GuzzleHttp\Middleware::{closure:{closure:{closure:GuzzleHttp\Middleware::httpErrors():60}:61}:67}(Object(GuzzleHttp\Psr7\Response))
#2 src/vendor/guzzlehttp/promises/src/Promise.php(158): GuzzleHttp\Promise\Promise::callHandler(1, Object(GuzzleHttp\Psr7\Response), NULL)
#3 src/vendor/guzzlehttp/promises/src/TaskQueue.php(52): GuzzleHttp\Promise\Promise::{closure:GuzzleHttp\Promise\Promise::settle():156}()
#4 src/vendor/guzzlehttp/promises/src/Promise.php(251): GuzzleHttp\Promise\TaskQueue->run(true)
#5 src/vendor/guzzlehttp/promises/src/Promise.php(227): GuzzleHttp\Promise\Promise->invokeWaitFn()
#6 src/vendor/guzzlehttp/promises/src/Promise.php(272): GuzzleHttp\Promise\Promise->waitIfPending()
#7 src/vendor/guzzlehttp/promises/src/Promise.php(229): GuzzleHttp\Promise\Promise->invokeWaitList()
#8 src/vendor/guzzlehttp/promises/src/Promise.php(69): GuzzleHttp\Promise\Promise->waitIfPending()
#9 src/vendor/guzzlehttp/guzzle/src/Client.php(189): GuzzleHttp\Promise\Promise->wait()
#10 src/vendor/guzzlehttp/guzzle/src/ClientTrait.php(95): GuzzleHttp\Client->request('POST', 'https://fraudcl...', Array)
#11 src/addons/FraudClient/ReportSpam/Repository/FraudClient.php(36): GuzzleHttp\Client->post('https://fraudcl...', Array)
#12 src/addons/FraudClient/ReportSpam/ControllerPlugin/ReportFraudClient.php(101): FraudClient\ReportSpam\Repository\FraudClient->checkUser(Object(SV\SignupAbuseBlocking\XF\Entity\User))
#13 src/addons/FraudClient/ReportSpam/XF/Pub/Controller/Member.php(37): FraudClient\ReportSpam\ControllerPlugin\ReportFraudClient->actionCheck(Object(SV\SignupAbuseBlocking\XF\Entity\User))
#14 src/XF/Mvc/Dispatcher.php(362): FraudClient\ReportSpam\XF\Pub\Controller\Member->actionCheckFraudClient(Object(XF\Mvc\ParameterBag))
#15 src/XF/Mvc/Dispatcher.php(264): XF\Mvc\Dispatcher->dispatchClass('XF:Member', 'CheckFraudClien...', Object(XF\Mvc\RouteMatch), Object(SV\SignupAbuseBlocking\XF\Pub\Controller\Member), NULL)
#16 src/XF/Mvc/Dispatcher.php(121): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(SV\SignupAbuseBlocking\XF\Pub\Controller\Member), NULL)
#17 src/XF/Mvc/Dispatcher.php(63): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#18 src/XF/App.php(2824): XF\Mvc\Dispatcher->run()
#19 src/XF.php(806): XF\App->run()
#20 index.php(23): XF::runApp('XF\\Pub\\App')
#21 {main}
Click to expand...
Yes, the API is passed in the request. If you'd like, create me a restricted admin account and I'll take a look at the addon.
 
Upvote 0 Downvote
I looked through the console and made sure that the problems were with cloudflare. I made a call via curl from ssh and got a stub
Code: 
curl "https://fraudclient.com/api.php?action=search_client_reports"<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"
t looks like the user browser check or some other protection that checks JS support is not disabled

Unable to access the forum. I adhere to the least privilege policy
 
Upvote 0 Downvote
I have completely disabled and paused CF. Please check again.

If that solves it, I'll leave CF off for now until I dive more into the settings to make sure outside connections are exempt to the API.
 
Upvote 0 Downvote
Solution
You must log in or register to reply here.
Back
Top