Mollie API's webhooks forbidden (403)

What is the name of the domain?

i dont want to tell in public

What is the error number?

403

What is the issue you’re encountering

Forbidden message

What steps have you taken to resolve the issue?

We have a Mollie webhook that connects to our server and forwards data to Moneybird. Between Mollie and our site, we use Cloudflare. Everything worked fine until September, but starting in October, we’ve been getting 403 Forbidden errors. Does anyone know which settings I need to configure in Cloudflare? I’ve already tried everything with allowlisting, but the issue persists.

Mitigation
Managed Challenge by Managed rules
Cache status
None
Edge status code
403 - Forbidden
Delivered Content type
html

we already switched of the managed rules from cloudflare. same problem.

What are the steps to reproduce the issue?

send a mollie webhook payment :wink:

I’d suggest you to double-check the Security → Events at Cloudflare dashboard under your Cloudflare account for your zone, or via direct link https://dash.cloudflare.com/?to=/:account/:zone/security/events.

You should be able to see the challenged or blocked event under the Security tab → Events at Cloudflare dashboard for your zone and know exactly which security option was triggered. Could be Managed Rules my best guess, otherwise Bot Fight Mode or Browser Integrity Check.

Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …). If yes, could you share some details which service was triggered that blocked you?

You could get their service IP address.

Just in case if you encouter some issues and/or errors, since it’s related to the WordPress, I’d suggest you to allowlist your origin host / server / hosting IP address by navigating to the Security → WAF → Tools → IP Access Rules with the action “allow” for your Website and try again.

Are you using free or paid plan? :thinking:

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.