429 on Gateway postback HTTP call

What is the name of the domain?

What is the error number?

429

What is the error message?

Too many requests

What is the issue you’re encountering

My Gateway getting hit with 429 even it does only one HTTP request. Its a async message from Gateway when payment is done so i can send emails and process orders. I inspect the issue and i can see that they dont have user agent set, and i believe CF is blocking because of that. I have some rules to allow range of ips but its still hitting. I need help to solve this im using PRO plan

What steps have you taken to resolve the issue?

I set rule for rate limit for speciffict IP but that is not helping.

What are the steps to reproduce the issue?

U cant reproduce, HTTP is called by Gateway.

Can post a screenshot of that 429 error? Or at least the body text it returns?

Are you seeing these 429 events in your Firewall Events Log?

Thank you for the reply. I am unable to get the body text, since we are in production and I don’t have access to the gateway portal, but during the Test phase I should see the responses from my server to Gateway and indeed it was 429. I will dig deeper to see if I have somewhere in the gpt history. I’m sharing screenshot from the CF dash so u can see. I don’t know what rule to set to avoid this 429. I allowlisted all IPs from the server, but that’s not the issue wince this is a HTTP request. I am getting frustrated with this.

And that 429 doesn’t show up in Firewall Events?

https://developers.cloudflare.com/waf/analytics/security-events/paid-plans/

Also, can you try changing the Filter from “Edge status code” to Origin status code? That will narrow down where it’s coming from.

No inside Events i do not see that. Using Origin status code gives me the same thing. There is one thing I just realized. I can create a custom limiting rule where I can set specific URL parameter. This Gateway always calls dynamic URL and I can wildcard it: ?wc-api=wc_allsecureexchange&action=webhook - there is more param appended at the end of the URL, but this should be fine if I set for example 1000 requests per 1 minute, this rule should avoid hitting this PUT request with 429, let me know if I am wrong?

This 429 is not showing in the event list, and as soon as I disable CF I receive a postback message normally. Keep in mind that all server IP ranges are allowlisted and set to skip the default rules of CF. The only thing that comes to my mind is that the User-agent is empty, and that produces instant 429.

This sounds like it’s the origin returning the 429, and not Cloudflare.

If you can get a look at the response body, that should confirm where that 429 is really coming from.

Managed to find: (
[statusCode] => 429
[errorCode] => 0
[errorMessage] =>
[headers] => Array
(
[date] => Sun, 01 Sep 2024 21:42:49 GMT
[content-type] => text/html
[x-edge-location] => WPX CLOUD/VIEN01
[cf-cache-status] => DYNAMIC
[report-to] => {“endpoints”:[{“url”:“https://a.nel.cloudflare.com/report/v4?s=hcxp1EUWjrewLZuwFrWQ6wc3SKMqoduyOIQvJmznpEzI5%2FgQOhQ7DVRGZhJw41MHhf77L5E2HslVpi75nwdt4e1Vo7SacUDdOK5vfQqm6f9IFO7MlcnHKGzvp3U9gQ%3D%3D”}],“group”:“cf-nel”,“max_age”:604800}
[nel] => {“success_fraction”:0,“report_to”:“cf-nel”,“max_age”:604800}
[server] => cloudflare
[cf-ray] => 8bc86eadab3d5a90-VIE
)

[body] => <html>
429 Too Many Requests

429 Too Many Requests


openresty

)

I do want to emphasize that as soon as I disable CF this 429 is not happening. Also I have investigated on my WPX directly to see if there I specific Rate limiting rule, but there is not. Gateway server is just sending one message, there is no valid reason to exceed Rate limiting rule.

It’s probably seeing too many requests from Cloudflare as a whole, and not looking at the cf-connecting-ip header.

The Openresty message is clear confirmation it’s the origin rate limiting the Cloudflare request.

I am adding as image. It’s clear that Cloudflare challenge has been put on this request.

What is the solution here?

Nope. That’s an Openresty message. Not a Cloudflare-branded Rate Limiting error.

Every time someone tries to argue the Openresty block is coming from Cloudflare, they eventually find out from the host there’s a firewall the user was not aware of.

You’ll need to work with your host to fix this.

Ahaaa, now I get it. Honestly, i don’t want to put this on CF but as I could read, not so experienced, I assumed it was CF, and from the image, I sent now u can see that there are not so many requests in the timespan, and CF has 1200 per 5 min, and in my case it’s not even close.
Screenshot_71

I just don’t understand why when I put CF on pause, my response comes through. I have tested this yesterday and today.

So to conclude, you are referring to that this 429 is coming from my WPX server or this is Gateway response?

When you pause Cloudflare, requests then come from visitor’s unique IP addresses, instead of Cloudflare’s narrow grouping of IP addresses.

Most likely something your host has in front of your server.

I got it now, so since I’m proxied via CF, my server does not see the original IP rather sees the CF IP request, and blocks the request, and than we can see that Origin still shows the 429, and that indicates that my server blocked the request.
I appreciate your time, please do not close this thread, I will investigate again on my server. Thanks a ton!

1 Like

The issue has been resolved, and the host has set some rules to exclude those requests that are proxied via CF. Thank you!

1 Like

This topic was automatically closed after 15 days. New replies are no longer allowed.