I am thinking about using Cloudflare for the first time and I am trying to figure out whether I should expect callbacks from services like Paypal, Twilio, and Mailgun to be allowed through automatically or whether I will need to explicitly allow them. This post (Paypal IPN - How to add to firewall?) in particular makes me think they will need to be explicitly allowed.
I’d really appreciate an idea of what to expect and if there is some proper documentation on what will be blocked and what won’t.
Yes, you may need to explicitly allow callbacks from services like PayPal, Twilio, and Mailgun by adjusting your firewall settings in Cloudflare. There isn’t a comprehensive list of what will be blocked automatically as it depends on your specific security settings. As mentioned in the post you referenced - Paypal IPN - How to add to firewall? - you could create a Custom Rule to allow the particular IPs.
Thanks @Paige - you say that I “may” need to allow them depending on the firewall settings, so I guess my next question is would they need to bel allowed with the default firewall settings. My concern is if any of these services add new IP addresses / ranges, then they could start being blocked without warning.
so I guess my next question is would they need to bel allowed with the default firewall settings.
Yes, I recommend allowlisting the services you mentioned in order to prevent false positives from potentially occurring. You can use the following features to allowlist: