Bot fight mode blocking API connection - WAF whitelisting won't work

I am using a free Cloudflare plan for my wordpress/Woocommerce online store. For this I use an external shipping software solution: Billbee. Recently I noticed that Billbee can’t connect to my site anymore and I was able to trace the problem back to Cloudflare’s botfight mode.

I found this article referring to my problem:

As described in this post, I’ve already tried whitelisting the Billbee IP or User-Agent but without success.

(ip.src eq

It seems as if the botfight mode would take effect before the firewall rules do.
In the picture above you can see the activity log with the bot fight mode turned off (9:41) as well as in the activated mode (10:07).
The firewall rule only takes effect when botfight mode is turned off.

Is there any other way i can whitelist my API connection and keep bot fight mode running?


Thank you for asking.

:point_right: would be IP Access Rules :wink:


Since it’s related to the WordPress, I’d suggest you to whitelist your origin host / server / hosting IP address by navigating to the Security → WAF → Tools → IP Access Rules with the action “allow” for your Website and try again.

It knows to happen due to the WordPress using HTTP/1.0 and empty user-agent, therefore while executing WP-Cron or some other related JSON/REST API request via plugin.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.