Hey there,

We’re dealing with webhooks by CCBill and sadly it just won’t work via HTTPS. But we were told HTTP is fine for webhooks only and we’re trying to achieve it.

We’ve set up a page rule for only that Webhook receiving end URL NOT to overwrite with HTTPs, which it doesn’t. It truly is HTTP when we visit it, however, it won’t receive any notifications UNTIL we disable Cloudflare or “Always use HTTPS” rule. So we’re wondering is it somehow still clashing and what can we do about this?

Here is the page rules setup: http://prntscr.com/p0d7ym

What about your global “Always use HTTPS” status?

Though, why does HTTPS not work in this context? It really would be better if you tried to fix the HTTPS issue before thinking about such a workaround.

As @sandro implied, the global “Always Use HTTPS” should be turned off in the SSL/TLS tab.

And just in case there are query strings on the webhook URL, I would put a * on the end after .php so it matches anything calling the webhook.

Hey, sorry if I wasn’t clear enough. Always HTTPS works as intended on our site. But it prevents the CCBill webhook from going through, we’ve tried a bunch of stuff and I was even told nobody had suceeded in making it work. Their technicians also told us to give up and just let it run on HTTP.

So we’re trying to prevent our receiving link of the webhook to work on HTTP. And when you type it in the browser, the page rule we’ve set up, truly made an exception for that link (remained HTTP as intended). However, the webhook still won’t work until we completely shutdown the global Always HTTPS rule, that we’re supposed to have ON, I believe.

I’ve replied to Sandro, check it out, hopefully that makes sense.

That makes me think the webhook is calling something on your domain that’s not matching that page rule. Why not shut down Global Always Use HTTPS from the SSL/TLS tab? You’ve got it enabled in Page Rules for everything else.

Well, can you post the full URL to that hook? Also, why does it not work in the first place? Again, I’d address that issue and would not try to disable HTTPS instead.

Hey, we’re using the page rule always https for domain.com/*

Thats why we cant shut it down. When we do turn off that rule, the webhook works smooth, but we cant, we need the global always https.

ned, 1. ruj 2019. 19:21 sdayman via Cloudflare Community [email protected] je napisao:

How about making that second that second rule a redirect instead of Always use https?

Match just as you have it, but redirect to https://example.com/$1

Hey, we’ve finally fixed it and your second comment was the key. To clarify, we still have Always HTTPS-enabled, we prefer it. We use SSL from Cloudflare.

For anyone that is struggling with this, the solution is as following:

1. Whitelist CCBill IPs in server config and Cloudflare.

2. Use HTTP not HTTPS protocol (e.g. http://www.domain.com/webhook)

3. Set up a page rule for your receiving end of webhook URL to disable browser integrity check, overwrite HTTPS off, SSL off + add a wildcard at the end (example: http://www.domain.com/webhook.php*)

Enjoy your working webhooks.

This topic was automatically closed after 30 days. New replies are no longer allowed.