Cloudflare Configuration Guide: Allowlist Partner Backend IP
Our backend system communicates with your WordPress/WooCommerce site via REST API to sync products and orders. Due to high-traffic events, our fixed outbound IP address sends multiple rapid requests, which currently triggers a 403 Forbidden error from your Cloudflare security settings.
To resolve this issue and prevent our automated system from being flagged as a bot or a DDoS attempt, we kindly ask your IT/Security team to create a dedicated WAF Custom Rule (Skip Rule) in your Cloudflare dashboard.
Configuration Steps for Cloudflare Admin
Please follow these steps to allowlist our static IP address:
1. Log in to your Cloudflare Dashboard and select your website zone.
2. Navigate to Security > WAF > Custom rules.
3. Click on the Create rule button.
4. Configure the rule with the following details:
• Rule name: Allowlist - Partner Backend Integration
• If incoming requests match... (Expression Builder):
• Field: IP Source Address
• Operator: equals
• Value: 108.143.170.153
5. Choose action: Select Skip from the dropdown menu.
6. Log components to skip (Check the following boxes):
• All remaining custom rules
• Rate limiting rules (Crucial to prevent blocks during high-traffic order syncing)
• Super Bot Fight Mode (Prevents automated API calls from triggering bot challenges)
7. Click Deploy at the bottom right to apply the changes.
Our Backend Details
- Connection Type: REST API HTTPS requests (WordPress/WooCommerce endpoints)
- Our Fixed Outbound IP: 108.143.170.153
Troubleshooting
If you deploy the rule and we still experience 403 errors, please check your Security > Events log. You can filter the activity by our IP address to see exactly which Cloudflare security layer (e.g., Managed Rules, Managed Challenge, or Firewall) is intercepting our requests.