CCBILL is not working with cloudflare and it's destroying my business

I really need a solution for this. I either need to get rid of cloud flare or figure out how to make it not block the CCBILL IPN. Webhook isn’t working at all. Customers are charged and digital products are not being delivered.
Please help

Make sure you whitelist the IP address of the service in the firewall tab of your dashboard.

I would just like to pile on and say I desperately need a solution for this as well. Anyone smarter than me, please help!!

Here is what we’ve collected so far, Community Tip - Best Practices for Configuring CCBill with Cloudflare. That Tip is asking for refinement, input really appreciated.


We have rules and tools setup already. CCBILL IPN not passing through.

:wave: @lovethesecurves,

Errors in the logs? WAF events on Cloudflare? What does the vendor say? They have access to their logs/callback data… what does it show?


Nothing in error logs, no WAF event showing on CF and Vendor says it’s an issue with Cloudflare not allowing pass through. :frowning:

Check your own access logs to see if your origin server is giving the 403. Anything Cloudflare fully blocks shows up in firewall rules.

Also make sure you’re restoring visitor IPs in case it’s being rate limited or your origin software has issues with the Cloudflare reverse proxy.


:wave: @lovethesecurves,

The vendor should be able to at least provide logs from their end as to what error is occurring to ‘not allow the passthrough’ either an http error code or some type of TLS failure and/or a Cloudflare rayID from the http connection.

It certainly could be a Cloudflare issue (WAF rule or other setting) but it’s impossible to say w/o the details of a connection request or a mechanism to reproduce the callback from their system to debug. I’ve seen more than one 3rd party vendor who had problems with TLS 1.3 or IPv6 connections (for example)… which aren’t strictly Cloudflare issues per se, but there are workarounds possible to address limitations or issues on the vendor side (or bypass the WAF/ change security levels for certain API calls). But that sort of requires either random guessing/changing settings and hoping for the best or actual data on the error involved.

Hopefully they can provide some diagnostic details you could either share here or in a support ticket w/ :logo:.



This topic was automatically closed after 14 days. New replies are no longer allowed.