Cloudflare blocking Zapier

Hi,

I have an issue where I am trying to connect my WordPress Website to Zapier.
I get an error 503.
But when pause Cloudflare on the site, it works fine.

Has anyone faced this before? What do I need to do to make Zapier work with my site?

Thank you for your help.

Greetings,

Thank you for asking.

May I ask you to check for any Firewall events / requests being challenged or blocked when you navigate to the Firewall → Overview tab at Cloudflare dashboard for your domain name? :thinking:

Furthermore, is the Bot Fight Mode option enabled?

Have you blocked access to your XML-RPC due to security reasons?
Do you have some security plugin installed like Wordfence Security?
Are you blocking your REST API access?
Or allowing only to autenticated user with granted rights /password to access it?

Have you checked this one?:

1 Like

I’m having the same issue. I have a firewall rule in place to allow the user-agent of Zapier, but it still gets blocked by Super Bot Fight mode. We’re on a Pro account, but it seems that our firewall rules do not affect things that are blocked by Super Bot Fight mode? How do we make an exception for Zapier?

Furthermore, is the Bot Fight Mode option enabled? Yes.

Have you blocked access to your XML-RPC due to security reasons? - No
Do you have some security plugin installed like Wordfence Security? - Yes.
Are you blocking your REST API access? - No
Or allowing only to autenticated user with granted rights /password to access it? - No.

Have you checked this one? - Yes, but I’m not sure it applies here.

The Zapier Support team was unable to help me and asked me to contact Cloudflare support.
I got a list of thousands of AWS IPs from Zapier to whitelist. But that can’t be the solution, as people are facing issues even after whitelisting IPs in the Firewall settings.

Yep, I found them here:

I am just not sure, if you allow Amazon AS number (AS16509) in the IP Access Rules with “Allow”, even if it would work, that would be a tricky one because a lot of “bad bots” and “price/product scrappers” also come from Amazon AS numbers too on a daily basis :confused:

Which in this case, is even worse (as we would allow everyone from Amazon to access our website and attack, if so) than allowing all of us-east-1, which also is not going to be the right solution.

Yep, I found also a possible workaround but hm … like using a Firewall Rule if “User-Agent” contains “Zapier” with the action “allow”, but again as @web stated it’s also blocked due to the Bot Fight Mode which executes before :confused:

@web @ankitbasu And disabling Bot Fight Mode isn’t an option too, right? :thinking:

Correct - Bot Fight Mode really needs to stay enabled - it’s largely the reason we use CF on this particular site. What is the possible workaround you are looking at @fritex ?

Yes, correct. I would prefer not to disable bot fight mode. It is a large reason of why I use Cloudflare.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.