CloudFlare blocking PayU

We have migrated to wpengine servers and the PayU payment system stopped transmitting transaction status correctly.

I have contacted PayU support, who says that Cloudflare is blocking the traffic and they see that they are receiving HTTP 403 and error code: 1010 in response.
They advised to add IP addresses to the whitelist and to allow the User-Agent header: Jakarta Commons-HttpClient/3.1

IP address list: 185.68.12.10, 185.68.12.11, 185.68.12.12, 185.68.12.26, 185.68.12.27, 185.68.12.28

We did not make any changes to Cloudflare except to change the CNAME and A records for the “Advanced Network” support of the new WPEngine server, and so far everything has worked.
Of course IP addresses are added to the whitelist, header verification is disabled.
In addition, I added WAF rule to Allow header Jakarta Commons-HttpClient/3.1

I also contacted the WPEngine hosting to verify that they are the ones blocking the incoming traffic, however, they do not see any connection or header I mentioned earlier.
PayU is not receiving the correct confirmation making the orders have a status of “On Hold” instead of “Processing”

Do you have bot fight mode on?

Just white list those ip addresses in waf - tools section, or get them to apply for bot fight mode exemption.

It would be easier to fix immediatley to whitelist the i.ps or turn off botfight mode as many do since it breaks everything unless you pay for enterprise

All IPs are whitelisted (for over year) for production and sandbox

BIC is disabled. It worked earlier even with BIC enabled

Super bot fight mode was unchanged for over year

Hmmm interesting. The i.ps are whitelisted in the tools section and not a custom firewall rule? Just double checking.

Overall if so, those rules should exempt the ips with bot fight mode, you should raise a ticket not much anyone can do here.

Yup, IPs are whitelisted in Security → WAF → Tools (IP Access Rules).

Thanks for advice and your time. Ticket created

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.