Exception firewall plugin packlink pro

Hello, I have installed this plugin to send orders, but it does not work while the firewall is active. The plugin's support told me this:

The task for updating shipping services is queued but not executed.

Using a debug endpoint, we tested the async process endpoint, which is essential for task execution and the request returns a 403 response:

*   Trying 172.67.163.132:443...
* TCP_NODELAY set
* Connected to tucursodeinglesonline.com (172.67.163.132) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Sep 20 00:00:00 2020 GMT
*  expire date: Sep 20 12:00:00 2021 GMT
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x559e929d9500)
> POST /?packlink_pro_controller=Async_Process&action=run&guid=test HTTP/2
Host: tucursodeinglesonline.com
accept: */*
cache-control: no-cache
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 403 
< date: Thu, 15 Apr 2021 10:20:11 GMT
< content-type: text/html; charset=UTF-8
< set-cookie: __cfduid=d2b090d7b4df7df375ae25d3ad5b8c4f61618482011; expires=Sat, 15-May-21 10:20:11 GMT; path=/; domain=.tucursodeinglesonline.com; HttpOnly; SameSite=Lax
< cf-chl-bypass: 1
< cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< expires: Thu, 01 Jan 1970 00:00:01 GMT
< x-frame-options: SAMEORIGIN
< cf-request-id: 0976a4b3710000faa4fda9d000000001
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=z7KGv1TWc8setjVw4a3bpruhXJ21oR9eMQz9Z%2FwwACZFWaoopdEor8M19FoVlfi%2FT6gIAl9HgCtsSlFOTxZOu0dBg8jmLERgk2E05DXyBI9qwHu1%2BzeSB5KY"}],"group":"cf-nel","max_age":604800}
< nel: {"max_age":604800,"report_to":"cf-nel"}
< server: cloudflare
< cf-ray: 64047098bbf8faa4-AMS
< alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
< 
* Connection #0 to host tucursodeinglesonline.com left intact
HTTP/2 403 
date: Thu, 15 Apr 2021 10:20:11 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d2b090d7b4df7df375ae25d3ad5b8c4f61618482011; expires=Sat, 15-May-21 10:20:11 GMT; path=/; domain=.tucursodeinglesonline.com; HttpOnly; SameSite=Lax
cf-chl-bypass: 1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options: SAMEORIGIN
cf-request-id: 0976a4b3710000faa4fda9d000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=z7KGv1TWc8setjVw4a3bpruhXJ21oR9eMQz9Z%2FwwACZFWaoopdEor8M19FoVlfi%2FT6gIAl9HgCtsSlFOTxZOu0dBg8jmLERgk2E05DXyBI9qwHu1%2BzeSB5KY"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 64047098bbf8faa4-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Please make the async process endpoint accessible on your server.

The endpoint URL is https://tucursodeinglesonline.com/?packlink_pro_controller=Async_Process

How can I add this exception in the firewall?

May I ask, is this a Cloudflare plugin/app or some plugin like for WordPress CMS, etc.?

I got the Cloudflare Captcha when visiting it or when sending an HTTP POST request from the Postman app.

Is that normal behaviour for your Cloudflare security settings (like Security Level High?) or DDoS protection for that URL, or do you have some Firewall Rule where the Challenge Captcha option is enabled, maybe on the whole domain, to challenge every request which is not coming from a specific country, or why and how else would it get triggered?

Hello, I have a rule for requests outside my country that have to do a captcha, and I wanted to add an exception for this plugin.

May I also ask, the URL for that POST request, does the server itself run it like a cron/scheduled job, or a user with some specific permissions, or a regular website visitor?

Like, for example, if the server has to send/execute the request via that URL with the needed parameters (query), then you can add your server IP address as “whitelisted” or “excluded” in combination with your existing Firewall Rule using “AND” operator.

(http.request.uri.query contains "packlink_pro_controller" and ip.src ne YOUR_SERVER_IP_ADDRESS_HERE)

  • if the request is not coming from the specific IP address and does not contain packlink_pro_controller, block/challenge it; else if it contains packlink_pro_controller and is from the specific IP, bypass/allow it (do not challenge it with captcha) - depending on how your rule is set up, in a “positive” or a “negative” way, with the “action” to get it done …

Or maybe possible too with:

(http.request.uri.path contains "the_specific_url_part" and ip.src ne YOUR_SERVER_IP_ADDRESS_HERE)

Or create a new Firewall Rule above the existing one with “bypass” for those requests as a general rule, but be aware that if someone else figures it out, they could do some potential harm by executing that POST request (better to limit it by IP or some other criteria).
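The IP-scoped exception suggested above, written out as a single Challenge rule next to the broad form it replaces (an added example, not taken from the original posts). The country code "ES", the address 203.0.113.10 and the premise that the async call originates from the site's own server are placeholder assumptions; `ip.src.country` is the current name of the field older rules write as `ip.geoip.country`.

```text
# Lines starting with "#" are annotations, not part of the expressions.

# Too broad: a separate Allow/Bypass rule keyed only on the query string.
# Any client that sends the parameter skips the challenge.
(http.request.uri.query contains "packlink_pro_controller")

# Scoped: keep one rule with action Challenge and carve the exception
# out of it. Requests from outside the country are challenged unless
# they are the plugin's async POST coming from the known server address.
(ip.src.country ne "ES"
 and not (http.request.uri.query contains "packlink_pro_controller=Async_Process"
          and http.request.method eq "POST"
          and ip.src eq 203.0.113.10))
```

Re-running the same POST shown in the curl trace from the exempted address should then return the plugin's own response instead of the 403 challenge page.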

Hello, the request is executed when I make a sale on the web. It is necessary to make this request since it is to a package delivery app, which sends the product to the customer’s home.

Currently Cloudflare is cutting it. I need to add the exception for the request to pass to Packlink Pro. Thanks

Does anyone know how I could do it? Thanks
