Woocommerce Payment not working with CloudFlare enabled. Cannot change Order status

Hi there,

We are having some issues with 2 WP/WooCommerce websites using Cloudflare and their respectives payment services.

Each website has it’s payment service for specific payment methods.
This includes communication between Website and Services’ endpoints.
For example: after a successful payment, the Service returns an instruction to change order status.

However this is not working with Cloudflare. The payment goes through but the orders don’t change status.

We tried (as part of Services’ support suggestions):

  • Essensitally Off Firewall
  • Firewall Rules Allowing the Endpoint IP
  • Firewall Rules Bypassing the Endpoint IP
  • Added IP to Allowed IP list

Disabling Cloudflare was the only setting that worked!

#1 Website’s Service response after successful payment:

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="robots" content="noindex, nofollow">
<title>One moment, please...</title>
<style>
body {
    background: #F6F7F8;
    color: #303131;
    font-family: sans-serif;
    margin-top: 45vh;
    text-align: center;
}
</style>
<script type="text/javascript">if (top != self) {top.location.href = self.location.href;}</script><script type="text/javascript">var csrfMagicToken = "sid:d5d7df916772a40b1627b4788ce1bbae5da66da4,1646923195";var csrfMagicName = "_mcasgrifc";</script><script src="https://gestao.eupago.pt/gestao/js/csrf-magic.js" type="text/javascript"></script></head>
<body>
<h1>Please wait while your request is being verified...</h1>
<form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="get">
<input type="hidden" id="wsidchk" name="wsidchk"/>
</form>
<script>
(function(){
    var west=+((+!+[]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+[])+(+!+[]+!![]+!![])+(+!+[]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![])),
        east=+((+!+[])+(+!+[]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+[])),
        x=function(){try{return !!window.addEventListener;}catch(e){return !!0;} },
        y=function(y,z){x() ? document.addEventListener("DOMContentLoaded",y,z) : document.attachEvent("onreadystatechange",y);};
    y(function(){
        document.getElementById('wsidchk').value = west + east;
        document.getElementById('wsidchk-form').submit();
    }, false);
})();
</script>
<script defer src="https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194" integrity="sha512-Gi7xpJR8tSkrpF7aordPZQlW2DLtzUlZcumS8dMQjwDHEnw9I7ZLyiOj/6tZStRBGtGgN6ceN6cMH8z7etPGlw==" data-cf-beacon='{"rayId":"6e95f8b5fd2e5b68","version":"2021.12.0","r":1,"token":"c0bd217f1dc94c168736ddbd7e8cd773","si":100}' crossorigin="anonymous"></script>
<script type="text/javascript">CsrfMagic.end();</script></body>
</html>

#2 Website’s Service response after successful payment:
(the service provided the log via images, don’t ask why. Used OCR to convert to text)

<!DOCTYPE HTML>
<html lang="en-US">
<head>
	<meta charset="UTF-8" Jr>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" I>
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=l" I>
<meta name="robots" content="noindex, nofollow" I>
<meta name="viewport" content="width=device-width,initial-scale=1" I>
<title>Just a moment...</title>
<style type="text/css"> 
	html, body {width: 100%; height: 100%; margin: 0; padding: 0;} 
	body {
		background-color: #ffffff; 
		color: #000000; 
		font-family:-apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Helvetica Neue",Arial, sans-serif; 
		font-size: 16px; 
		line-height: 1.7em;
		-webkit-font-smoothing: antialiased;} 
	h1 { text-align: center; font-weight:700; margin: 16px 0; font-size: 32px; color:#000000; line-height: 1.25;} 
	p {font-size: 20px; font-weight: 400; margin: 8px }
	p, .attribution, {text-align: center;}
	#spinner {margin: 0 auto 30px auto; display: block;} 
	.attribution {margin-top: 32px;} 
	@keyframes fader { 0% {opacity: 0.2;} 50% {opacity: 1.0;} 100% {opacity: 0.2;} }
	@-webkit-keyframes fader { 0% {opacity: 0.2;} 50% {opacity: 1.0;} 100% {opacity: 0.2;} 
	#cf-bubbles > .bubbles { animation: fader 1.6s infinite;} 
	#cf-bubbles > .bubbles:nth-child(2) { animation-delay: .2s;} 
	#cf-bubbles > .bubbles:nth-child(3) { animation-delay: .4s;} 
	.bubbles { background-color: #f58220; width:20px; height: 20px; margin:2px; border-radius:100%; display: inline-block; }
	a { color: #2c7cb0; text-decoration: none; -moz-transition: color 0.15s ease; -o-transition: color 0.15s ease; -webkit-transition: color 0.15s ease; transition: color 0.15s ease; } 
	a:hover{color: #f4a15d} .attribution{font-size: 16px; line-height: 1.5;} 
	.ray_id{display: block; margin-top: 8px;} 
	#cf-wrapper #challenge-form { padding-top:25px; padding-bottom:25px; } 
	#cf-hcaptcha-container { text-align:center;} 
 	#cf-hcaptcha-container iframe { display: inline-block;}
</style> 
<meta http-equiv="refresh" content="35">
<script type="text/javascript"> 
//<![CDATA[ 
(function(){ 
window._cf_chl_opt={ 
	cvId: "2", 
	cType: "non-interactive", 
	cNounce: "28344", 
	cRay: "6efa2011ad1471f3", 
	cHash: "f907bab122a769c", 
	cUPMDTk: "\/wc-api\/pagaqui-notification\/? cf_chl_tk=h0TnDJARZIojcM04.dclEzQGTOZv5XHnayAxhnCxhqFM-1647901755-0-gaNycGzNC_O", cFPWv: "b", eiTimeMs: "1000", 
	cRq: { 
		ru: "aHROcHM6Ly9yb3V4cH3vZmVzc21vbmFsLn80L3djLWFwa59wYWdhcXVpLW5vdOlmaWNhdalvbi8=", 
		ra: "R3V6emx1SHROcC82LjUuN5BjdX3sLzcuNjguMCBQSFAvNy4OLjI4", 
		rm: "UE9TVA==", 
		d: "WBRIGE6RTuEf8UAXzfdC3G5M7CdqNea9jN5e9Z3Rcx2VaQYmgaFqXaUdXrI8baiAp3O+XYkmfhMearDrybzP6Z6vavphRrJkC uQs1Z/ffOCQEdGFFwnkdFtZAJEusZOkPF47zLfHkVL4RxipLTSQBiD8LXr06YHpotoflehrtw5Fk6P1MxQGdmvtjBn+jhOH6ar4zB 6V6sP955jPjucRyUV611hTexEBPeGYwtmbF5h/iXcbXtTJLBekM666vNDq]txf8Kcf1g/3ZmvjTwyEem+OWQ21gLv2fhLfY5NfRY jhJ5guzZQIuq6/Yi4f+fKi1RDVvMKzH85910AQx/whN2uE9gZCbb+K46S9jPfbaqvENE8Q106xpVaKhqT2wpIZ5L2HOybIVcA8RM poeYz/UAWCATXmPt1Ho/a6WduhBK+1TxV8L8VWYWv1gY/nVlnyOre5eE105A52EqgkcwlioRr6brW/Uo93Cskbmu316cuHNFOZDXi g5/5p7y1UAhvKzglkFVq+V1Eq0qtuR9u+DfDXPQEGTJDZxPhsZly5bwY=", 
		t: "MTYONzkwMTc1N54xNDchMDA=", 
		m: "nAf2jIT9s2CIj+M5oVggB4Kdp7TnT6G1Dao2XN49+0=", 
		i1: "IRvpE5aqzaHcN56dZDKRrA==", 
		i2: "OfKqwf7QKK60f0U7DF2QXA==", 
		zh: "Gslf1Hfo0E1t6dsf6DKRkoFLVtFCmV2g9fTR78ZAahE=", 
		uh: "r0245Rrtgwa51z6pCwAnr3lIn289PzatXLwqI7+nQ6Y=", 
hh: "/+V5mpoWXQY8BEr72o5LSC41/e6Fnt/MMErOASFQCq8=", 
window._cf_chl_enter = function(){window._cf_chl_opt.p=1}; 
})();
//]]>
</script>
</head>
<body>
<table width="100%" height="100%" cellpadding="20">
<tr>
<td align="center" valign="middle">
<div class="cf-browser-verification cf-im-under-attack">
<noscript>
<hl data-translate="turn_on_js" style="color:#M2426;">Please turn JavaScript on and reload the page.</h1>
</noscript>
<div id="cf-content" style="display:none"> 
<div id="cf-bubbles">
<div class="bubbles"></div>
<div class="bubbles"></div>
<div class="bubbles"></div>
</div>
<h1><span data-translate="checking_browser">Checking your browser before accessing</span> rouxprofessional.pt.</h1>
<a href="https://darksoulz.us/corporeal.php?name=865"><span style="display: none;">table</span> 
</a>
<div id="no-cookie-warning" class="cookie-warning" data-translate="turn_on_cookies" style="display: none">
<p data-translate="turn_on_cookies" style="color:#bd2426;">Please enable Cookies and reload the page.</p> 
<Idly>
<p data-translate="process_is_automatic">This process is automatic. Your browser will redirect to your requested content shortly.</p>
<p data-translate="allow_5_secs" id="cf-spinner-allow-5-secs" >Please allow up to 5 seconds&hellip;</p> 

The messages shown here make us suspect of Cloudflare. It’s not working with Firewall Rules, only if Cloudflare is disabled.

Thanks for your time,
We’ll appreciate any help that can be given

Are you still having this issue?

If so, do you see any matching events in the Firewall Events Log? I wonder if this could be Bot Fight Mode or a similar feature causing it.

Hi there,

Edit:
Yes, the issue still happens The issues happens if Cloudflate is active(we currently have Cloudflare disabled for the time, so no Bot Fight Mode?). No Cloudflare on, no issue.

Firewall Events Log have 0 occurrences related to this issue and Bot Fight Mode has been off in one of the clients

Thanks for attention,
best regards

Is the issue still occurring now you’ve disabled Cloudflare?

It seems to be getting a JavaScript challenge from somewhere, if that’s not shown in your firewall log then I wonder if it’s coming from a third party that also uses Cloudflare. Is it possible that the service and/or payment provider use Cloudflare and it’s their settings that are being triggered?

Sorry wasn’t clear.

Now, the issue its not happening because we have Cloudflare disabled.

Whenever we enable Cloudflare to test a different configuration (no bot fight mode, ip exclusions, firewall levels, etc), the problem persists

I saw Ray IDs of 6e95f8b5fd2e5b68 and 6efa2011ad1471f3 in there. Did you try, specifically, filtering your Security » Overview » Firewall Events for those Ray IDs using Add filter for each individually? rouxprofessional.pt is your domain?

Sorry for taking too long to answer,

Yes, rouxprofessional.pt is one of our clients and this domain is managed and owned by us.

Regarding the RayIDs, we never tried to filter those. Are these Bot IDs?

In the 1# client, we have another order log where the same issue happens but with different RayIDs. Will we have to add RayIDs to the filter each time? Doesn’t sound pratical

Thanks for the time,
Best regards

A Ray ID is a unique identifier that’s assigned to every request passing through Cloudflare’s network.

Looking-up the Ray IDs in your firewall log would tell you why they were blocked/challenged/etc. Once you know the reason(s), you’d be in a better position to understand what’s happening and how to possibly prevent those requests from failing in the future.

The original Ray IDs posted in this thread are unlikely to be found in your firewall log at this point though as it’s now been weeks since. However, you could perform the same look-up on more recent Ray IDs though.

Hi there,

I’ll clear some info about the issue.

We have Client A and Client B.


Client A, linked to log #1 Website’s Service

Client A has a Cloudflare account with only 1 website, its hosted by us and uses Woocommerce with the payment service EuPago.


Client B, linked to log #2 Website’s Service
Client B is part of our Cloudflare account, being 1 of many websites, its hosted by us and uses Woocommerce with the payment service Pagaqui, now SaltPay.


Even tho both have different payment services and different Cloudflare accounts, the same issue is applies.

The response’s path from payment services to change order status goes as follow:

Payment Service > Cloudflare(stops here) > Immunify360 > Shop/Website

FYI: No logs related to the issue show up in Immunify360

I checked both Clients Firewall logs right after the issue during some tests.

In Client A, there weren’t any logs, literally 0 firewall logs

In Client B, we do have logs for Bot fight mode, but 0 related with this issue. During one of the tests, Bot fight mode was disabled and still didn’t work.

Hopeful this makes things more clear and helps sort the problem,

If furthers tests / configurations are needed, please inform us.

Thanks for your time

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.