X-Payments Payment Processor is Being blocked by CloudFlare


What is the name of the domain?

grillpartssearch.com

What is the issue you’re encountering

X-Cart is telling us that the module we are using for payment processing is being blocked by Cloudflare, and transactions are not going through. X-Cart says, "Here is the response I receive when attempting to access the callback URL directly:
Code: text

$ curl -I https://grillpartssearch.com/payment/cc_xpc.php
HTTP/2 403
date: Thu, 15 May 2025 16:13:34 GMT
content-type: text/html; charset=UTF-8
content-length: 6952
cf-mitigated: challenge

As you can see, Cloudflare returns a 403 Forbidden status along with the header cf-mitigated: challenge, which means the request is being blocked or challenged by Cloudflare’s protection mechanisms. This behavior prevents automated systems—like X-Payments—from accessing the callback script, which is essential for completing transactions and communication.

This explains why the X-Payments module reports that the callback URL is not reachable. You may want to review your Cloudflare settings—especially any WAF rules, Bot Fight Mode, or Security Level configurations—to ensure that this URL can be accessed without challenge, at least from trusted services like X-Payments.

Once you’ve made the adjustments, you can re-check the callback status here:
https://grillpartssearch.com/admin/xpc_admin.php?mode=check_callback"

What steps have you taken to resolve the issue?

I have allowlisted the IP address of the X-Payments processor (52.36.122.200) and also allowlisted the path to the file it is requesting, which is /payment/cc_xpc.php. Is the allowlisting for the cc_xpc.php file input correctly into the WAF rules? Please advise.

What is the current SSL/TLS setting?

I don’t know.

What are the steps to reproduce the issue?

Going through the checkout process on the website and the payment processor fails.

Screenshot of the error

Check for the reason that the request is blocked in your Security Event log and then set your WAF custom rules based on that…
https://dash.cloudflare.com/?to=/:account/:zone/security/events

Ensure it is “Full (strict)” or “Strict” here so connections between Cloudflare and your origin are properly secured…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls

I can’t find 52.36.122.200 being blocked in the Security Event log. But I can find it was skipped in my WAF rule. (screenshot)

Also, the SSL/TLS encryption is set to “Full (strict)”.
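Added example, not part of any post in this thread: a small shell helper that reads `curl -sI` output for the callback URL and separates a Cloudflare challenge (the `cf-mitigated: challenge` header quoted above) from a plain 403. The function names and the output labels are assumptions made for this example; the first sample is the header block quoted in the question and the second is constructed.

```shell
#!/bin/sh
# Classify the response headers of a callback URL check (added example).
# Reads `curl -sI` output on stdin and prints one word:
#   challenge - Cloudflare answered with a challenge (cf-mitigated: challenge)
#   denied    - 403 without cf-mitigated (assumed: a block rule or the origin)
#   reachable - 2xx/3xx status
#   other     - anything else, including input with no status line
classify_callback_response() {
    awk '
        { sub(/\r$/, "") }                 # curl prints CRLF line endings
        /^HTTP\// {                        # new response block (e.g. after a redirect)
            status = $2; mitigated = ""; next
        }
        {
            i = index($0, ":")
            if (i == 0) next               # blank line or not a header
            name = tolower(substr($0, 1, i - 1))
            value = tolower(substr($0, i + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == "cf-mitigated") mitigated = value
        }
        END {
            if (mitigated == "challenge") print "challenge"
            else if (status == "403") print "denied"
            else if (status ~ /^[23][0-9][0-9]$/) print "reachable"
            else print "other"
        }'
}

# Sample 1: the header block quoted in the question.
SAMPLE_CHALLENGED='HTTP/2 403
date: Thu, 15 May 2025 16:13:34 GMT
content-type: text/html; charset=UTF-8
content-length: 6952
cf-mitigated: challenge'

# Sample 2 (constructed): an unchallenged response.
SAMPLE_OK='HTTP/2 200
content-type: text/html; charset=UTF-8'

# Helper for running the function over an embedded sample.
check_sample() { printf '%s\n' "$1" | classify_callback_response; }

# Live use (needs network access):
#   curl -sI https://grillpartssearch.com/payment/cc_xpc.php | classify_callback_response
```

A check run from any address other than 52.36.122.200 does not exercise a rule that matches on that source IP, so compare the result with the Security Events entry for the same request.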
