Rule to bypass WAF

russ14 · April 10, 2025, 2:47pm

What is the name of the domain?

na

What is the error number?

na

What is the error message?

na

What is the issue you’re encountering

I use WHMCS and having issues with callback from api1.whmcs.com being blocked by cloudflare. I cannot just allow the IP as this can change, so I need to either allow api1.whmcs.com or exclude the URL /modules/gateways/callback/gocardless.php from WAF. The DOCS seem to be outdated, as everything mentioned there no longer seems to exist.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

dmartin1 · April 15, 2025, 3:15pm

Hello,

Are you following the documentation to create a custom WAF skip rule?

You can also be more selective on the rules you are skipping, if you check to see what is blocking your call.

You can search your security events by rayID to see what is causing the issue:

Topic		Replies	Views
WAF exceptions? Security	2	31	October 15, 2024
WAF components to skip through custom rule under API Security	1	381	January 5, 2024
Cookie whitelisting Security	2	46	February 5, 2025
WAF rule with Skip action is not working as desired Security	2	1658	August 10, 2023
WAF - action allow not skip Security	3	722	October 17, 2023