How to exclude Razorpay Webhook bot in bot-fight-mode?

In our Application, We have enabled Razorpay Webhook for seamless payment.

During development testing I have used ngrok. It is working fine.

My production server is protected by cloudflare and enabled with bot-fight-mode.

When the payment is success. POST request is sent by razor-pay web-hook. But it has been blocked by cloudflare bot-fight-mode.

So I created a firewall rule to allow it.

Still Webhook is blocked by cloudflare?

What should I need to do to allow razorpay webhook to bypass cloudflare by blocking other bots?

Thanks in advance.


You can’t currently change the behaviour/bypass Bot Fight Mode using Firewall Rules. This has been requested a few times in these forums.

I have the same issue. I’ve spoken to their customer support and it’s not something that they currently support. I have no idea why, as it’s a very common scenario for every tech product, and it seems that using the firewall rules should resolve this.

To prevent “fighting” with their Premium-tier product - Bot Management, which is only available in Enterprise plan and Bot Management itself is actually very expensive (pricing is based on estimated number of monthly requests if I’m not mistaken).

If they really provide the option to bypass Bot Fight Mode (or the “better” Super Bot Fight Mode) for certain traffic then I guess the Enterprise sales team will have a headache :thinking:

So they should put it in the product description in big bold letters, and save people and companies weeks of investigations with their customer and sales support.

They also encourage in the dashboard to upgrade your plan from Pro to Business to have “better control” over the bot management, while even after the upgrade you don’t get these functionalities.


I’m not a fan of this approach, as I know I had an issue with SBFM (Likely Automated) on a biz plan that would block something that was not a bot. No way to bypass, so I had to turn it off.

I suppose I could re-visit that issue and open a ticket.


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.