Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full
What are the steps to reproduce the issue?
now cloudflare is paused. but if you run it our third party partner won’t be able to “confirm” orders payment because of Cloudflare. They need to call their API on our server to communicate the result of their process.
We put this rules : (ip.src eq 52.29.68.50) or (ip.src eq 18.196.218.150) or (ip.src eq 18.158.89.154) or (ip.src eq 54.195.131.90) or (ip.src eq 52.49.220.119) or (ip.src eq 54.220.89.122) or (http.request.uri.path contains “/wc-api/aplazame/”) or (http.request.uri.query contains “?path=/confirm/”) but the 403 errror was still fired… we put in pause cloudflare and soon a call was ok, precisely on 19:15 of the 19/12/2024… so the reason of the 403 is cloudflare. We don’t know how to grant that third party to call without any issue the API… can you help me?
May I ask if those IP addresses are the ones where the WordPress and WooCommerce is installed and hosted, the web server/origin host IP addresses?
Or maybe from the 3rd-party service?
If so, just in case add the IP address of server and/or 3rd-party service into the IP Access Rules with the action “allow” for your Website instead of using Custom WAF Rule:
Can use only path=/confirm/ no need for ? in front here.
