References:
CloudFlare blocks IP addresses known or perceived to be sources of malware or spam. The CloudFlare Firewall also detects web activity that it considers to be harmful to your site and blocks IP addresses linked to such activity.
Very often, webhooks without a referrer originating from the site itself can be considered illicit and result in the posting IP addresses being blocked. ActiveCampaign webhooks fall under the HTTP POST rules. Another “gotcha” are unknown or missing user agents where CloudFlare expects to see the name of the most common web browsers.
CloudFlare provides a mean to establish a so-called “Trust List”, enabling webhooks originating from ActiveCampaign to be “whitelisted”, enabling them to reach your site and be processed by ActiveMember360. In addition, CloudFlare lets one define so-called “Page Rules” which would allow ActiveCampaign webhooks to get past the security scans.
To add ActiveCampaign IP addresses to the CloudFlare “Trust List”:
(1) Go to your CloudFlare Firewall settings and click on the “Trust/Block IP List” tab.
(2) In the input field next to the green “Trust” submit button, enter the following IP addresses
23.20.225.34, 34.192.90.130, 34.192.144.26, 34.199.37.208, 34.205.102.133, 34.206.124.186,
34.226.103.188, 34.230.175.182, 34.236.93.175, 50.17.40.31, 52.7.228.32, 52.45.6.233,
52.45.183.46, 52.55.227.5, 52.72.254.82, 52.201.65.20, 52.201.65.208, 52.201.201.234,
54.83.71.25, 173.193.9.0/24
and press the “Trust” button (Please note that this list is often changed / updated).
Next, go to your “CloudFlare Page Rules” settings. There, you will create a new rule for your site:
- Dynamic Pattern -> http://yoursite.com?mbr=*
- Additional settings:
- Always Online -> Off
- Browser Integrity Check (BIC) -> Off
- Browser Cache TTL -> 300
- Custom Caching -> Bypass Caching
- Forwarding -> Off
- Performance -> Off
- Security Level -> Lowest
- SSL -> Off