Instant Payment Notifications for Redsys blocked randomly

What is the name of the domain

What is the issue you’re encountering

Random HTTP request blocks from payment processor

What steps have you taken to resolve the issue?

I have set up prior skip rules in WAF for the IPNs as they always come from the same AS number and use the same URL. But after more than two weeks I still see this issue. I think that Cloudflare is flagging some of this traffic as a bad bot but this is disabled in my account. What am I missing?

curl --location ‘https://xxx/xxx/Redsys-Notify
–header ‘Content-Type: application/x-www-form-urlencoded’
–data-urlencode ‘Ds_SignatureVersion=HMAC_SHA256_V1’
–data-urlencode ‘Ds_MerchantParameters=eyJ…ODAifQ==’
–data-urlencode ‘Ds_Signature=6ck3…1SQ=’

What configuration may I be missing?

What is the current SSL/TLS setting?

Full