Form submission breaks when enabling Cloudflare

Hi,

I’m experiencing that my WPForms or Forminator forms refuse to submit when I have enabled Cloudflare. After clicking the submit button stays spinning, but the request to “{website_name}/wp-admin/admin-ajax.php” doesn’t go through.

I have created rules for “{website_name}/en/order*” and “{website_name}/wp-admin*” with the following rules, to basically disable Cloudflare for that specific page, however without success. Would be great if someone could help me find the right settings to I can continue to use Cloudflare for performance improvements :slight_smile:

  • Disable Security
  • Browser Integrity Check: Off
  • Server Side Excludes: Off
  • SSL: Full
  • Auto Minify: Off
  • Security Level: Essentially Off
  • Cache Level: Bypass
  • IP Geolocation Header: Off
  • Email Obfuscation: Off
  • Disable Zaraz
  • Cache Deception Armor: Off
  • Origin Cache Control: Off
  • Opportunistic Encryption: Off
  • Disable Apps
  • Disable Performance

Pausing Cloudflare, fixes the Form again.

Additional info

  • Wordpress version: 6.3
  • Hosting: Limitlesshosting

Request headers

:authority:
{webite}
:method:
POST
:path:
/wp-admin/admin-ajax.php
:scheme:
https
Accept:
application/json, text/javascript, */*; q=0.01
Accept-Encoding:
gzip, deflate, br
Accept-Language:
en-US,en;q=0.9
Content-Length:
3248
Content-Type:
multipart/form-data; boundary=----WebKitFormBoundaryb2AfSSWWLBCHxUbD
Cookie:
pll_language=nl; cookieyes-consent=consentid:MnNQSTV0WktYVklpejRLYlRXT2ZXcDlWVDZobFlzQ0Q,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Origin:
{webite}
Referer:
{webite}/en/order
Sec-Ch-Ua:
"Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"
Sec-Ch-Ua-Mobile:
?0
Sec-Ch-Ua-Platform:
"Windows"
Sec-Fetch-Dest:
empty
Sec-Fetch-Mode:
cors
Sec-Fetch-Site:
same-origin
User-Agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
X-Requested-With:
XMLHttpRequest

Related issues

Hi,

Please visit your website and perform the action that would normally result in a request being blocked. Make sure you have Developer Tools open (F12).

If the form submission is blocked with a 403 status code:

  1. Wait a few minutes
  2. Go to Dashboard > Security > Events. If the request was in fact blocked by Cloudflare, you should find an event related to that block action. Depending on your site traffic, you may need to filter by IP address, User Agent, URI Path, etc. to find it. Check the “Service” that blocked it.
  3. If this was
    a) Bot Fight Mode, disable this feature.
    b) Super Block Fight Mode, create a WAF Custom Rule to Skip it for the specific situation, with relevant conditions such as the URI Path and the visitor’s IP, for example;
    c) WAF Managed Rule, you need to create a WAF Exception for that rule. See: Add a WAF exception in the dashboard · Cloudflare Web Application Firewall (WAF) docs
    d) WAF Custom Rule, you need to edit it accordingly.

If instead the form submission was unsuccessful due to a 5XX error, please see this Community Tip for how to investigate and mitigate the issue:

In any case, your Page Rule disabling Cloudflare features would not have any effect preventing the issue and you may want to edit or remove it.

2 Likes

Hi @cbrandt,

Thanks for your response :). I’ve completed your steps, but haven’t been able to resolve the issue yet. This is what I’ve done:

  1. Validated that the /wp-admin/admin-ajax.php gives a 524 error response and not a 403.
  2. Double-checked that there (logically) was no security event logged. This is indeed the case.
  3. Went through the documentation you provided and validated that the 524 issues were not due to a high server load or connectivity issues. I can validate this since the Form submits as expected as soon as I disable Cloudflare.

In addition to the steps above, I’ve also tried:

  1. Disabling the Captcha on the WPForm. This resulted in a 524.
  2. Added debugging to Wordpres by changing wp-config.php. This didn’t give any output, making me assume that the call was never routed to /wp-admin/admin-ajax.php.
  3. Validated that I have set Cloudflare SSL/TLS set to Full. (Not sure if that could impact it, but good to have the info anyway)

Do you have any other suggestions on how I might be able to debug this? I’ve tried all things that I could think of, but seem to be running a bit out of options :sweat_smile:

@cbrandt forgot to mention that based on your recommendations, I also have removed all Page Rules that I’ve configured before.

I really have no suggestions for how to fix an error 524 other than to follow the suggestions in the Community Tip on that error, and perhaps contact the form plugin developers to see if they have an idea of what may be at play. Hopefully another member of this community will give you some recommendations on what to look for.

No worries! Thanks for your time and effort anyway :slight_smile:. I will wait to see if anyone here has any other suggestions and in the mean time see if WPForms can help out. Have a great day!

1 Like

I think I figured it out :slight_smile:! Documenting it here for others running into the same issues in the future.

The main issue with me was that I thought it was related to WPForms due to it not submitting. However, WPForms sends notifications e-mail by default synchronous instead of asynchronous. Apparently, I had my mail A records wrongly configured, causing a block of the submission of the form.

For those wanting to debug whether they have the same issue, they can go into WPForms > Settings > Email and check “Optimize Email sending”. This will result in the email sending not blocking the form submission.

If after that change your form is submitted, you will notice most likely that the notification email is not being sent. This can be fixed by removing the Proxy from the Mail A record, as documented here: https://wpmailsmtp.com/cloudflare-not-sending-wordpress-emails/.

Good luck!

2 Likes

@cbrandt already covered the form issue, just a comment on

Make sure that is Full Strict, otherwise you still have no proper encryption.

2 Likes

@sandro thanks for the tip, will make sure to update right away!

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.