Blocked IP

Hi i have two shops using PrestaShop platform, both two shops using the same payment gateway.
On one shop only the payment gateway response POST is blocked by Cloudflare’s firewall.

I can’t understand why transactions on my second shop are blocked and those on the first are not, the Cloudflare configuration is the same.

So i inserted a rule in the firewall configuration to allow the payment gateway’s IP, but it don’t works.
The rule is: (ip.src eq 193.41.178.183) or (ip.src eq 193.41.178.43) Action=allow

Now in the firewall log i have two entry for each payment:
03 Jul, 2020 12:14:29 Block Italy 193.41.178.183 Browser integrity check
03 Jul, 2020 12:14:29 Allow Italy 193.41.178.183 Firewall rules

I can’t understand why the first were allowed and the second were blocked, in both cases it’s an HTTP Post and the IP is the same.

Here is the full response of the allowed and blocked entry:
{
“action”: “allow”,
“clientASNDescription”: “EQUENSWORLDLINE Via Zurigo, 3”,
“clientAsn”: “16177”,
“clientCountryName”: “IT”,
“clientIP”: “193.41.178.183”,
“clientRequestHTTPHost”: “www.myshop2domain.it”,
“clientRequestHTTPMethodName”: “POST”,
“clientRequestHTTPProtocol”: “HTTP/1.1”,
“clientRequestPath”: “/module/nexixpay/S2S”,
“clientRequestQuery”: “”,
“datetime”: “2020-07-03T10:14:29Z”,
“rayName”: “5acfd7009e36a89d”,
“ruleId”: “8ed931acc297439cb1249a71f9fc9c15”,
“source”: “firewallrules”,
“userAgent”: “Java/1.8.0_60”,
“matchIndex”: 1,
“metadata”: [
{
“key”: “filter”,
“value”: “d75da8fa7d144325a29807b8ce3a336e”
},
{
“key”: “type”,
“value”: “customer”
}
],
“sampleInterval”: 1
}

{
“action”: “drop”,
“clientASNDescription”: “EQUENSWORLDLINE Via Zurigo, 3”,
“clientAsn”: “16177”,
“clientCountryName”: “IT”,
“clientIP”: “193.41.178.183”,
“clientRequestHTTPHost”: “www.myshop2domain.it”,
“clientRequestHTTPMethodName”: “POST”,
“clientRequestHTTPProtocol”: “HTTP/1.1”,
“clientRequestPath”: “/module/nexixpay/S2S”,
“clientRequestQuery”: “”,
“datetime”: “2020-07-03T10:14:29Z”,
“rayName”: “5acfd7009e36a89d”,
“ruleId”: “bic”,
“source”: “bic”,
“userAgent”: “Java/1.8.0_60”,
“matchIndex”: 0,
“metadata”: ,
“sampleInterval”: 1
}

That probably triggered before your Firewall Rules. Maybe you have that check enabled in Firewall -> Settings for that domain.

Try adding that IP address to Firewall -> Tools as an Allow entry.

This topic was automatically closed after 30 days. New replies are no longer allowed.