Hello,
We are running a wordpress site that uses a Quickbooks Plugin to sync with Quickbooks. Cloudflare is blocking the POST request to our endpoint and I do not know why. When “Pausing” cloudflare, everything works. We are not using WAF, but even after adding a rule to explicitly allow the endpoint it still fails.
Any help in the right direction would be much appreciated.
Thank-you!
Hi,
Skip it for the specific situation, with relevant conditions such as the URI Path and the visitor’s IP, for example;That indicates that perhaps the requests are not being blocked, but not completed due to a 5XX error. If you do not find any Security Events related to these requests, please go to Analytics & Logs, then filter by
Edge error code greater or equals 500
Thank-you.
I do not see any blocked event by default.
We were not using any WAF rules; however, in an attempt to solve this, I implemented a WAF rule to explicitly allow the endpoint && request method. After that was implemented I do see the matched security event - although the request still fails (443 - unauthorized). The action that I have is “Skip” and I’ve selected to skip everything possible.
I am looking at Cloudflare because of the response packet from the endpoint:
Array
(
[status] => Array
(
[protocolVersion] => 1.1
[statusCode] => 200
[reasonPhrase] => OK
)
[header] => Array
(
[Date] => Wed, 19 Jul 2023 18:47:35 GMT
[Content-Type] => application/json
[Transfer-Encoding] => chunked
[Connection] => keep-alive
[x-powered-by] => PHP/8.1.20
[vary] => Accept-Encoding
[strict-transport-security] => max-age=7776000; includeSubDomains; preload
[x-frame-options] => SAMEORIGIN
[x-content-type-options] => nosniff
[CF-Cache-Status] => DYNAMIC
[Report-To] => {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QaW1rpPkFan7vxkyI36kuqBq%2B1cp0xLYiobHwXMZXwJ%2FKAXK2kquEPlV%2BKJyvfhu6phQAZCaa98mjz9owQIw261n%2BaFih4ObPPIhfV889IH4SQY7nbxwstmhGMX4ePOK4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
[NEL] => {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
[Server] => cloudflare
[CF-RAY] => 7e95222bed582273-ORD
[alt-svc] => h3=":443"; ma=86400
)
[body] => {"success":0,"message":"Not Authorized"}
)
In addition, when “pausing” cloudflare, the action passes.
I do wonder what the security level “medium” implements by default, and if that may have something to do with it.
Thanks!
The request status is actually 200, not 443 (which is probably a reference to the default port number used by HTTPS connections.)
This response as “Not Authorized” apparently comes from the WordPress endpoint itself, and it seems to be related to authentication: But that’s odd, as a non-authorized request would normally get one of 400 Bad Request, 401 Unauthorized, 405 Method Not Allowed, or 403 Forbidden status codes.
Somehow your origin seems to be expecting something that is not being passed on by Cloudflare. Perhaps a cookie? Or a different IP address…Have you set your origin server to restore original IPs?
Security level is a broad net based on IP reputation only. It would block requests coming from IPs with a threat score above 14. It’s not related to what you’re seeing, as the status code 200 means the request was not blocked.
https://developers.cloudflare.com/fundamentals/security/security-level/
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.