Infusionsoft HTTP POST and restHooks with CloudFlare

References:

  •  https://support.cloudflare.com/hc/en-us/articles/200168306-Is-there-a-tutorial-for-Page-Rules-

CloudFlare blocks IP addresses known or perceived to be sources of malware or spam. The CloudFlare Firewall also detects web activity that be harmful to your site and blocks IP addresses linked to such activity.

Very often, HTTP POST’s without a referrer originating from the site itself can be considered illicit and result in the posting IP addresses being blocked. Infusionsoft resHooks fall under the HTTP POST rules. Another “gotcha” are unknown or missing user agents where CloudFlare expects to see the name of the most common web browsers.

CloudFlare provides a mean to establish a so-called “Trust List”, enabling HTTP POST and restHooks originating from Infusionsoft to be “whitelisted”, enabling them to reach your site and be processed by iMember360. In addition, CloudFlare lets one define so-called “Page Rules” which would allow Infusionsoft HTTP POST/Webhooks to get past the security scans.

To add Infusionsoft IP addresses to the CloudFlare “Trust List”:

  1. Go to your CloudFalre Firewall settings and click on the “Trust/Block IP List” tab.
  2. In the input field next to the green “Trust” submit button, enter “208.76.24.0/22” and press the “Trust” button. Note: the /22 is important.

Next, go to your “CloudFlare Page Rules” settings. There, you will create a new rule for your site:

  • Dynamic Pattern -> http://yoursite.com?i4w_genpass=* 
  • Additional settings:
    • Always Online -> Off
    • Browser Integrity Check (BIC) -> Off
    • Browser Cache TTL -> 300
    • Custom Caching -> Bypass Caching
    • Forwarding -> Off
    • Performance -> Off
    • Security Level -> Lowest
    • SSL -> Off