Hello, I have a subdomain using woocommerce and printful which has been running for over a year. Recently I received a sync error on printful saying it can’t sync with woocommerce and that it’s a hosting issue.
Hosting provider believes it's a Cloudflare issue… I did have a developer do some Cloudflare work a while back, and think this might have been the issue, but he's no longer contactable. Does anyone have any ideas of what this could be?
Thank you in advance
Cloudflare is not a hosting provider. We only route traffic between your origin/hosting provider and the visitor, so if this is related to the hosting provider, you need to find out who this is.
You can go to your Audit Logs and see what changes have been made to your Cloudflare account by the developer.
You can also see if there are any false positives doing a block on Printful by following this guide:
You can search for a blocked or challenged request in the Security app under the Overview tab in the Firewall Events section of your Cloudflare Dashboard.
Understanding Cloudflare Firewall Analytics
The Cloudflare WAF contains mainly 2 packages:
- Cloudflare Managed Ruleset: These rules are managed by Cloudflare WAF Engineers.
- OWASP ModSecurity Core Rule Set: These rules are not managed by Cloudflare. They are created by the OWASP Group and Cloudflare integrates with this OWASP package as part of our WAF for additional security.
For “security reasons”, we don’t provide the rule patterns, as this would increase the likelihood that a malicious party could learn to bypass the rules. However, if you would like to know why a WAF rule has triggered, you can enable the payload logging feature. This feature is only available for customers on an Enterprise plan. It allows you to log the request information that triggered a specific rule of a Managed Ruleset. This information is known as the payload. Payload logging is especially useful when diagnosing the behavior of WAF rules. Since the values that triggered a rule may contain sensitive data, they are encrypted with a customer-provided public key so that only you can examine them later.
If you’re encountering false positives due to the legacy WAF, there are 5 actions that you could take here:
1. Add the IP(s) doing the request to the IP Access Rules in the allowlist, if the users connecting to your backend are always using the same IP address.
   This is the best solution as it does not affect the site security.
   How do I control IP access to my site?
2. Disable the affected WAF rule(s).
   This will reduce the security of the site, but will stop the requests from getting blocked/challenged.
   How do I configure the WAF?
3. Skip the WAF with a Firewall Rule.
   You can create a Firewall Rule with the skip action for the WAF to be deactivated for a specific combination of parameters. You could, for example, only bypass the WAF for a specific URL and a specific IP or user-agent:
   Firewall rules actions · Cloudflare Firewall Rules (deprecated) docs
4. Disable the Web Application Firewall for the requested endpoint (not recommended!).
   This will result in lower security, as the WAF will no longer be applicable on that location.
   This action is done by using Page Rules:
   Understanding and Configuring Cloudflare Page Rules (Page Rules Tutorial)
5. If the blocking rule is 981176 (legacy OWASP), it means it was blocked by the OWASP rules. You then need to decrease the OWASP sensitivity: a request was blocked by rule 981176, what does that mean? If decreasing the OWASP sensitivity doesn’t solve the issue, you might need to apply one of the other actions described above (1, 2, 3 or 4).
If you’re encountering false positives due to the new WAF, there are two actions that you could take here:
1. Add a WAF Exception.
   You can define WAF exceptions in the Cloudflare dashboard or using the Rulesets API.
2. If the blocking rule is 949110 (new OWASP), it means it was blocked by the OWASP rules. You then need to decrease the OWASP Anomaly Score Threshold or lower the OWASP Paranoia Level.
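To work out which of the cases above applies, here is an added example (not from the reply above and not Cloudflare's own tooling) that triages an exported list of firewall events: it keeps the blocked or challenged requests coming from the integration's User-Agent, groups them by rule ID and source IP, and maps each rule to the remediation described in the reply. The event field names, the sample events and the Printful User-Agent string are assumptions.

```python
import json
from collections import defaultdict

# Rule IDs named in the reply above: the OWASP anomaly-score rules.
OWASP_LEGACY_RULE = "981176"
OWASP_NEW_RULE = "949110"
BLOCKING_ACTIONS = {"block", "challenge", "jschallenge", "managed_challenge"}

# Constructed sample export. Field names follow Cloudflare's firewallEventsAdaptive
# dataset (assumption); IPs, paths, UA strings and the managed rule ID are placeholders.
SAMPLE_EVENTS = json.dumps([
    {"action": "block", "ruleId": "981176", "source": "waf", "clientIP": "203.0.113.10",
     "userAgent": "Printful-Sync/1.0", "clientRequestPath": "/store/sync"},
    {"action": "block", "ruleId": "981176", "source": "waf", "clientIP": "203.0.113.10",
     "userAgent": "Printful-Sync/1.0", "clientRequestPath": "/store/sync"},
    {"action": "managed_challenge", "ruleId": "managed-rule-example", "source": "waf",
     "clientIP": "203.0.113.11", "userAgent": "Printful-Sync/1.0", "clientRequestPath": "/store/sync"},
    {"action": "allow", "ruleId": "981176", "source": "waf", "clientIP": "198.51.100.7",
     "userAgent": "Mozilla/5.0 (browser)", "clientRequestPath": "/shop"},
    {"action": "block", "ruleId": "949110", "source": "waf", "clientIP": "198.51.100.9",
     "userAgent": "curl/8.0", "clientRequestPath": "/store/sync"},
])

def load_events(raw: str) -> list[dict]:
    """Parse a JSON export of firewall events."""
    return json.loads(raw)

def blocked_events(events: list[dict], ua_substring: str) -> list[dict]:
    """Keep only blocked/challenged events whose User-Agent contains ua_substring."""
    return [e for e in events
            if e.get("action") in BLOCKING_ACTIONS
            and ua_substring.lower() in e.get("userAgent", "").lower()]

def summarize(events: list[dict]) -> dict[str, dict]:
    """Group hits by rule ID: how many, from which IPs, and which engine flagged them."""
    out = defaultdict(lambda: {"count": 0, "ips": set(), "sources": set()})
    for e in events:
        entry = out[e["ruleId"]]
        entry["count"] += 1
        entry["ips"].add(e["clientIP"])
        entry["sources"].add(e["source"])
    return dict(out)

def recommend(rule_id: str) -> str:
    """Map a rule ID to the remediation the reply above suggests for it."""
    if rule_id == OWASP_LEGACY_RULE:
        return "legacy OWASP: lower the OWASP sensitivity first, then actions 1-4 if needed"
    if rule_id == OWASP_NEW_RULE:
        return "new OWASP: lower the Anomaly Score Threshold or the Paranoia Level"
    return "single managed rule: allowlist the fixed client IP(s) or add a WAF exception for it"

def triage(raw: str, ua_substring: str) -> dict[str, str]:
    """Return {rule_id: recommendation} for every rule that blocked the integration."""
    return {rid: recommend(rid) for rid in summarize(blocked_events(load_events(raw), ua_substring))}
```

Run `triage(SAMPLE_EVENTS, "printful")` against a real export once you have replaced the sample list; a rule whose hits all come from one fixed IP is the case where the IP allowlist (action 1) applies.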