Cloudflare is blocking the callback from the MailPoet plugin on a client’s Wordpress website. I’ve implemented a temp fix (proxy only on the target domain A record), but i’d prefer to set a rule to evade the block if possible.
I’ve followed a number of similar thread with attempts at a solution (particularly this one, which seems to closely resemble my experience Task Scheduler URL being blocked/protected by Cloudflare - #16 by muhammadhusnain.981) but I’ve had no luck.
Account is “free” level, and bots fighter is turned off.
I’ve tried querystring rules, full URI rules, page rules, allow, bypass.
I’ve also tried cron from the server.
None have proven effective.
It must be Cloudflare, though, because as soon as I turn off the proxy everything works.
Thanks for any help anyone can offer.
Maybe something triggers the Bot Fight Mode or some other security feature you’re using and having enabled to protect your Website at Cloudflare dashboard, and if so, you could lookup for any Firewall Events in the WAF → Overview.
Related to the WordPress, I’d suggest you to whitelist your origin host / server / hosting IP address by navigating to the Security → WAF → Tools → IP Access Rules with the action “allow” for your Website and try again.
It knows to happen due to the WordPress using HTTP/1.0 and empty user-agent, therefore while executing WP-Cron or some other related JSON/REST API request via plugin.
Otherwise, since MailPoet delivers emails via the following IP ranges:
18.104.22.168/27 you could try to search if any IPs getting blocked at WAF → Overview and add the IP range into the Firewall Rule and with the action “allow” and make sure it’s the 1st rule from the above on the list.
Else, adding them one by one to the IP Access Rules, since IP Access Rules accept only /16 and /24.