Sync between Lightspeed Retail and WooCommerce no longer working due to 404 error
What steps have you taken to resolve the issue?
This particular site was getting hit hard with credit card scams using the site to filter cards. up to 1000 failed orders a day for a small <$10 item. So we moved the site to Cloudflare to combat this, and it did that perfectly, no more bots hitting the site daily with failed orders.
however, the sync between Lightspeed Retail and Woo has not worked since. This keeps all our stock and orders synchronized between the retail store and the website. Manual adjustment has been the go-to since we moved.
I had a chat support with both our host and also with lightspeed extending to approx 3 hours with each trying to resolve the issue, and it seems that Cloudflare is blocking Lightspeed and returning a 404 error when Lightspeed tries to access the site.
We have added all the IPs that Lightspeed uses into the rules section of Cloudflare, but we are still not able to reconnect the 2.
What are the steps to reproduce the issue?
The issue is ongoing and current. However, it is seen by Lightspeeds dev. They are the ones who informed me that they are receiving the 404 error. I just see the unable to connect issue on our end.
404 means not found, so it is unlikely that this is caused by a block specifically, otherwise you’d see 403 status code. I would suggest getting the affected HTTP request from Lightspeed (URL plus the headers), and then use Trace and Security Events to see which products and rules are invoked on this path to narrow down the root cause.
Thanks so much ncano for your response. I realise that I had actually made a mistake in writing the error description. It was returning a 403 error.
Here is what their support team has sent me regarding the issue…
"The error we are receiving for both issues indicate “Lightspeed Retail received a response from the server in an unexpected format (text/html; charset=utf-8) when trying connect to your WooCommerce store.”
In addition, the payload response is returning a “403 Forbidden” error
In this case, there is potential that the HTML is a red herring and it is showing that due to the 403 response coming through in HTML. Or alternatively the 403 response is because we are not getting the response we are looking for due to it responding in HTML. With us needing JSON, could you check to see if your site is responding via JSON or HTML?
Looking at the screenshot, you or they are sending or trying to send a request via /wp-json/. From my experience, if it’s trusted service or a partner, add the origin web hosting IP address to allowlist under the WAF → Tools → IP Access Rules.
The user-agent string contains “go” (referred for the Go-HTTP used for DDoS, vulnerability probes, etc.)
It knows to happen due to the WordPress using HTTP/1.0 and empty user-agent, therefore while executing WP-Cron or some other related JSON/REST API request via plugin which triggers the WAF rules (as it should normally).
Otherwise, maybe if you temporary disable e.g. Bot Fight Mode if that’s the trigger, or after you provide more feedback, we could suggest to create a custom WAF rule, hopefully to solve this.
You should be able to see the challenged or blocked event under the Security tab → Events at Cloudflare dashboard for your zone and know exactly which security option was triggered. Could be Managed Rules my best guess, otherwise Bot Fight Mode or Browser Integrity Check.
