Cloudflare is blocking the callback from the MailPoet plugin on a client’s Wordpress website. I’ve implemented a temp fix (proxy only on the target domain A record), but i’d prefer to set a rule to evade the block if possible.
Account is “free” level, and bots fighter is turned off.
I’ve tried querystring rules, full URI rules, page rules, allow, bypass.
I’ve also tried cron from the server.
None have proven effective.
It must be Cloudflare, though, because as soon as I turn off the proxy everything works.
Maybe something triggers the Bot Fight Mode or some other security feature you’re using and having enabled to protect your Website at Cloudflare dashboard, and if so, you could lookup for any Firewall Events in the WAF → Overview.
It knows to happen due to the WordPress using HTTP/1.0 and empty user-agent, therefore while executing WP-Cron or some other related JSON/REST API request via plugin.
Otherwise, since MailPoet delivers emails via the following IP ranges: 176.9.183.128/27 you could try to search if any IPs getting blocked at WAF → Overview and add the IP range into the Firewall Rule and with the action “allow” and make sure it’s the 1st rule from the above on the list.
Else, adding them one by one to the IP Access Rules, since IP Access Rules accept only /16 and /24.