Cloudflare settings for Memberium plugin in WordPress on WPEngine

Hi - I am setting up a WPEngine WordPress site to provide e-learning. For my membership platforms I am using Memberium, linked to Infusionsoft.

After installing the Memberium plugin, I saw lots of errors in the logs. When I contacted Memberium support they directed me to this document: How to Configure CloudFlare for use with Memberium.

The problem is summarised in the article as: “HTTP POSTs Failing - CloudFlare’s security options may block HTTP POSTs from your Infusionsoft app. This will result in actions such as password generation failing to succeed.”

The article goes on to say: Previously, it was possible to whitelist traffic from this IP Address knowing it was coming from Infusionsoft. Currently, HTTP POST’s can be sent from a wide range of IP’s, which is why whitelisting IP won’t work. Instead of using IP Addresses for the whitelist, you should use the User-Agent to check for Infusionsoft. Basically, check if HTTP POST header data has “Infusionsoft” (without quotes) as the User-agent.

The article tells me that I need to setup rules in Cloudflare controlling which pages should bypass the caches. The URL pattern should look like http://yourdomain.com/?operation=* where yourdomain.com should be changed to your domain.

  • Forwarding should be turned off
  • Always Online should be turned off
  • Security Level should be Essentially off
  • Performance should be off.

However, I cannot find where to make these changes in my Cloudflare dashboard.I cannot see the settings interface that is shown in the Memberium support article. Might it be that they are unavailable on my current free Cloudflare plan?

I’ll be grateful for any advice.

Thanks very much

That’s a Page Rule. You probably don’t have Forwarding enabled for anything, so here’s the rest:

1 Like

Thanks for your recommendation.

Here’s a screenshot after I made the changes you suggested. I’ll be grateful if you can confirm that I’ve done this correctly and that this rule will achieve what Memberium recommend.

At the moment, I don’t understand how this Page Rule applies specifically to information coming from InfusionSoft. It appears that the changes simply remove firewall protection from my whole domain? This same effect could presumably be achieved by turning off CloudFlare for the domain?

As I understand it, what I’m trying to achieve is to ensure that HTTP POST operations from my Infusionsoft app are reaching my Memberium site, whilst retaining the overall security normally provided by. Cloudflare.

Thanks for your help!

I don’t know how Memberium functions, but the page rule you posted matches their instructions.

That page rule loosens up Cloudflare services on that particular URL, including whatever comes after the equal sign. Anything not matching that URL will continue to use full Cloudflare services.

1 Like

Thanks @sdayman. I will now get in touch with Memberium support and get their observations. I’m grateful for your help!

1 Like