Sellix API Webhook issues after adding Cloudflare

Since I have added Cloudflare to my website, the webhooks and Sellix API has stopped working so the delivery system is unfunctional. I think cloudflare is blocking Sellix requests and the webhooks don’t work so orders never get marked as completed, products dont get delivered etc.
Would it be possible to allow these somehow?
I have attached a link with an image from the Webhook Logs from sellix where the error is happening.

Sellix support has said that most likely Cloudflare is blocking the requests, however I have no idea how I could make it so the requests don’t get blocked.

You should be able to see the challenged or blocked event under the Security tab → Events at Cloudflare dashboard for your zone and know exactly which security option was triggered. Could be Bot Fight Mode or Browser Integrity.

Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …). If yes, could you share some details which service was triggered that blocked you?

  • you should see your origin host/server IP out there and user-agent like WP-cron or WordPress/version

Just in case if you encouter some issues and/or errors, since it’s related to the WordPress, I’d suggest you to allowlist your origin host / server / hosting IP address by navigating to the Security → WAF → Tools → IP Access Rules with the action “allow” for your Website and try again.

It knows to happen due to the WordPress using HTTP/1.0 and empty user-agent, therefore while executing WP-Cron or some other related JSON/REST API request via plugin which triggers the WAF rules (as it should normally).

1 Like

Thank you for your reply, however my website is not made in Wordpress, it is a php website using the Sellix API to process payments. I will still have a look under the security tab and come back with a reply in a few minutes.

I can’t seem to be able to find anything under the Security → Events. Every action taken is “Managed Challenge” so it doesn’t look like anything would be wrong there.

“Managed Challenge” is supposed to block automated traffic from accessing your origin.

If you want specific automated traffic to be able to access your origin, you need to create rules that would allow that traffic to bypass the challenge.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.