Understanding the Problem
When operating an online store, it’s common to use various services like WooCommerce for e-commerce, ShipStation for shipping management, and Cloudflare for security and performance. However, sometimes these services may not work seamlessly together, particularly when strict security settings are applied.
The remote server returned an error: (403) Forbidden.
What is ShipStation?
ShipStation is a shipping software that integrates with various e-commerce platforms, including WooCommerce. It helps in automating shipping processes, printing labels, and managing orders efficiently.
What is a Firewall?
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted network and an untrusted network.
What is Cloudflare?
Cloudflare is a popular content delivery network (CDN) and security service. It protects and accelerates websites by optimizing content delivery and providing protection against DDoS attacks, malicious traffic, and other threats.
Cloudflare’s “Under Attack Mode”
This mode is a specific setting in Cloudflare designed to protect websites during an active attack. It adds an additional layer of security by presenting a challenge page to potentially malicious traffic. However, this can inadvertently block legitimate services like ShipStation from accessing your site.
The Issue: Connectivity Problems
When Cloudflare is set to a highly restrictive mode or in “Under Attack” mode, it may prevent ShipStation from connecting to your WooCommerce store. This is particularly challenging since ShipStation does not provide a stable range of IP addresses for whitelisting, as their IPs frequently change.
Whitelisting ShipStation
Since IP-based whitelisting is not effective due to the dynamic nature of ShipStation’s IP addresses, a more reliable method is to bypass Cloudflare rules using a user agent bypass.
ShipStation User Agents
To ensure ShipStation can connect without issues, whitelist the following user agents in your Cloudflare firewall settings:
- Shipstation
- ShipStation
- RestSharp/106.3.1.0
- RestSharp/106.12.0.0
- RestSharp/106.11.7.0
These user agents represent the different ways ShipStation might identify itself when communicating with your server.
Additional Whitelisting: IP Addresses
Though not entirely reliable, you can also whitelist these specific IP addresses used by ShipStation:
- 34.200.1.155
- 34.199.251.255
- 34.199.30.113
- 34.200.10.239
- 18.211.231.40
- 52.203.135.90
- 35.173.55.253
Tightening Security with AWS ASN
Considering that ShipStation uses AWS services, you can refine your security settings by using the AWS ASN (Autonomous System Number): 14618 – AMAZON-AES. This helps in better managing traffic that originates from AWS services, which includes ShipStation.
Conclusion
If your WooCommerce store experiences connectivity issues with ShipStation while using Cloudflare, especially in a highly restrictive or Under Attack mode, consider implementing user agent bypasses in your Cloudflare firewall settings. This approach targets the way ShipStation communicates, rather than relying on a static IP address, providing a more effective solution. Remember to monitor and adjust your settings as needed to maintain both security and functionality.