Cloudflare Caused Issue to Opencart Payment


After activated Cloudflare on Opencart, when a customer made payment via payment gateway and auto redirect to Opencart, this payment will not be captured, thus, didn’t update the order. After disable Cloudflare, then this issue has been solved.

How to continue to use Cloudflare without breaking the payment? Any settings?

1 Like

Sorry, I acknowledge this and I’ll make sure it doesn’t happen again!

1 Like


Thank you for asking.

May I ask have you tried looking for any clue in access or log files? :thinking:

Have you tried enabling the debug mode for Opecart in case to find anything related to the payment process?

Are you using some 3rd-party (external) payment gateway?

Was the request blocked or? May I ask have you checked Firewall → Overview tab (Firewall Events) at Cloudflare dashboard for your domain name, if so? :thinking:

Is the Rocket Loader option disabled?

Have you implemented the method to restore original visitor IP from article below?:

Are you running some custom-made Page Rules for caching maybe?



May I know what access or log files are you referring to?

I did not enable debug mode for Opencart as I’m not sure how to do this.

Yes, I’m using an external payment gateway named iPay88.

How to know whether the request is blocked or not?

Rocket Loader is disabled.

Did not implement the method to restore original visitor IP. The steps seems complicated. I’ve found another resource that mentioned to implement this code at index.php.


No custom-made Page Rules for caching.

Any other people managed to use Cloudflare with Opencart without any issues for payment gateway?

Thank you for sharing a screenshot.

I can se the service is Security level and Managed Challenge action.

May I ask what option have you got selected for the Security Level at Cloudflare dashboard → Firewall → Settings? :thinking:

Yes, I can see “user-agent”.

You could create a Firewall Rule like if requests comes from a “User-agent” which “contains” the string “iPay” with the action “allow”.

The option is “I’m Under Attack!”

I’ve just created this rule and reactivated Cloudflare. However, the same issue happens. It is still blocked by the Firewall with the same findings.


I’ve also done Page Rule to not cache for the payment gateway. But same issue still happens.

I am afraid this is the issue.

Kindly, change this to “Medium” to resolve your issue.
There is no need to use “I am under an attack” for the whole website all the time as it challenges every request and every visitor.

Last but not the least, kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection:

And when to use “I am under an attack”:

After changed to “Medium”, it works. Thanks!

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.