Mysterious firewall issue w/ CF and WP Engine for REST API calls from Azure app
I’m calling a WordPress REST API on WP Engine from a .NET app on Azure. The subdomain is set to DNS Only in Cloudflare but I’m getting a CF “Just a moment…” HTML error on the request instead of the expected JSON. I’ve whitelisted the relevant outbound Azure IPs on both Cloudflare and WP Engine. WPE support doesn’t see any requests reaching them and there's nothing in the logs there, so I want to explore if these requests are being blocked in Cloudflare somehow. But I also don't see the requests in the Cloudflare Instant Logs or in Security > Events. Looking for any suggestions on what else I can check to narrow this down or confirm where the request is getting blocked.
6 Replies
This is the HTML response I'm getting on my API calls:
getting challenged
whatever this zone is, it's not dns only
Right, good catch.
Here's the DNS record for that subdomain.
We switched everything over to DNS Only to resolve some conflicts with WP Engine's own CF instance, which I suspect is when this problem started on the Test site - we probably haven't used it since then.
So that really points to a problem on WPE's side, in their CF instance. But they say they don't see anything there.
(I wanted to get any more ideas here of what to check, but then I'm probably going to follow up with WPE's support and see if I get any different result with another support person)
So for anyone following up on this later, it turned out we had to put our Azure apps on a static outbound IP address, and added phony HTTP headers for user agent, cookies, etc. to mimic a full browser request. That finally got us past the captcha page.
I now also think the problem was primarily in WP Engine's CF instance, but at least some of the Captcha responses appeared to come from CF directly, which I'm still confused about it.