Api - api (403) | api - curl (ok)

For Workers & Pages, what is the name of the domain?

Every Domain

What is the error number?

403

What is the error message?

403 (idk 2nd API provider is not talkative about this)

What is the issue or error you’re encountering

I don’t get requests from Przelewy24 Server API

What steps have you taken to resolve the issue?

  1. Tried a manual API endpoint check with curl and that’s working okay (from my own home network, from work network and also from VPN) - it works!
  2. P24 API all they say is: “403, can’t connect to the server, your server blocks our requests”
  3. I’ve tried with origin.api and they couldn’t connect too (maybe they don’t have IPv6, but that’s why I do proxy through CF and it worked before)
  4. Turned off Super-Bot-Fight Mode, still nothing
  5. Made Rules - Made Workers to pass that - still nothing

Asked them is it just pre-flight challenge - no answers
Asked them to add one more support guy - waiting for response

That’s a kind of UFO problem 'cause I didn’t change anything when it broke down :smiley:

What are the steps to reproduce the issue?

I can only reproduce that or my clients (payment API through Cloudflare Proxy)

Does someone have experience with Polish Przelewy24/PayPro S.A.?
(idk where to put this post)

Check your security event log for the reason the requests are being challenged or blocked, then you can adjust your Cloudflare settings and rules as needed…
https://dash.cloudflare.com/?to=/:account/:zone/security/events

Also, I tried to allowlist the provided IPs and the URI given from API, but now I see something that it isn’t working :smiley:

Can you help me make this address never blocked?

I’m sure that’s my API - finally someone who understands Cloudflare fluently <3


That’s my “allowlist” for that address but it’s not working :confused:

Your screenshot shows the requests are being blocked by Bot Fight Mode. BFM can’t be skipped by WAF custom rules so you’ll either need to disable BFM, or upgrade to a paid plan where Super Bot Fight Mode can be skipped by WAF rules.

Okay, so now I do understand.
Thanks for showing me Security→Analytics <3
Have a nice week!