All Collections
Troubleshooting
How to fix order statuses not changing after customer has paid (Cloudflare)
How to fix order statuses not changing after customer has paid (Cloudflare)

Cloudflare, whitelist IPs, webhook/callback error

Laura from Montonio avatar
Written by Laura from Montonio
Updated over a week ago

If order statuses in your store are not changing properly when customers have completed payments, it might mean that Montonio is unable to send webhook notifications to your shop.

The most common reason for this is the use of a web firewall such as Cloudflare. This guide will walk you through allowing Montonio's IP addresses in your Cloudflare firewall, to ensure that Montonio is able to send notifications to your store when order statuses change.

Allowlisting Montonio's IP Addresses in Cloudflare

  1. Access Cloudflare Dashboard: Begin by logging in to your Cloudflare dashboard and navigating to your site settings.

  2. Locate IP Access Rules: On the left-hand side menu, locate the "Security" section and select "WAF," followed by "Tools."

  3. Add IP Access Rules: Enter the details into the fields and click the "Add" button (twice for both of the IP addresses)

  4. Specify Rule Details: For each rule, enter the following details:

    • IP, IP range, country name, or ASN: Enter the respective IP address:

      • Rule 1: 35.156.245.42

      • Rule 2: 35.156.159.169

    • Action: Select "Allow" from the dropdown menu.

The end result should look something like this:

Creating Custom WAF Rules

In addition to IP Access Rules, we recommend creating a custom WAF rule to ensure that other Cloudflare security features are not blocking Montonio's webhooks.

  1. Access Custom WAF Rules: Navigate to "Security" → "WAF" → "Custom rules" from the left-hand side menu.

  2. Create a New Rule: Click the "+ Create rule" button to create a new custom WAF rule.

  3. Define Rule Name: Assign a descriptive name, such as "Skip WAF for Montonio IP Addresses."

  4. Field and Operator: Select "IP Source Address" and "As in" respectively for these two options.

  5. Enter the IP addresses one by one: In the "Value" box, enter the following IPs together:

    • 35.156.245.42

    • 35.156.159.169
      Note: In the expression preview it should look like this: (ip.src in {35.156.245.42 35.156.159.169})

  6. Choose action: For this, select the option "Skip"

  7. Select WAF Components to Skip: Select all WAF components to skip and make sure you also check the ones under "More components to skip".

  8. Save the Rule: Click the "Deploy" button to save the rule.

Here's how the rule should look like:

Additional Considerations:

  • Regularly review and update your Cloudflare settings to ensure they remain aligned with your security requirements.

  • If you encounter any issues or require further assistance, feel free to contact Montonio's support team for prompt assistance.


Did this answer your question?