Cloudflare Firewall Blocking

Cloudflare is one of the most widely used Firewall and WAF (Web Application Firewall) solutions for protecting applications exposed to the internet.

If your Firewall solution is Cloudflare and you are experiencing HTTP 403 errors during Webhook synchronization, you will need to create some firewall rules to allow communication between Asaas Webhooks and your application.

Why does this happen?

In some scenarios, Cloudflare may interpret requests sent by Asaas as suspicious traffic and block them before they reach your server.

The most common causes are:

  • overly restrictive WAF rules;
  • Bot Protection;
  • Rate Limiting;
  • country-based restrictions;
  • missing Asaas IP addresses in the allowlist;
  • custom Firewall rules;
  • User-Agent restrictions.

In these situations, the Webhook reaches Cloudflare but is unable to reach the application, causing Asaas to receive an HTTP 403 (Forbidden) response.


Operational impact

When Cloudflare blocks Webhooks, the flow is as follows:

Asaas
↓
Cloudflare
↓
HTTP 403
↓
Delivery failure
↓
Queue penalty
↓
15 consecutive failures
↓
Queue interrupted

Even when the queue is interrupted, new events continue to be generated and stored by Asaas.

Events remain available for up to 14 days. If the queue is not reactivated within this period, older events may be permanently removed.

After fixing the issue and reactivating the queue, events will be processed normally again.


Allowing Asaas IP addresses

First, access your domain settings in Cloudflare.

From the domain Overview, navigate to:

Security > WAF

On the right side, select IP Access Rules and create a rule to allow all official Asaas IP addresses.

Important

After allowing the IP addresses, Webhooks should start reaching your application normally again and HTTP 403 errors should stop occurring.


Sandbox environment

In the Sandbox environment, additional IP addresses may be used.

If requests are still being blocked, go to:

Security > Events

On this page, blocked IP addresses will appear in the events list.

Simply copy the identified IP addresses and add them to your Firewall access rules.
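The review of Security > Events described above can also be done offline on exported events. The script below is an added example, not code from Asaas or Cloudflare: it groups blocked requests to the webhook URL by client IP and by the Cloudflare feature that blocked them, and marks which IPs fall inside the ranges you already trust. It assumes events exported one JSON object per line using the field names of Cloudflare's Logpush firewall-events dataset; the path `/webhooks/asaas`, the `192.0.2.0/28` range and the sample events are constructed placeholders.

```python
import ipaddress
import json
from collections import defaultdict

# Placeholder for the official Asaas ranges (constructed documentation range).
KNOWN_ASAAS_NETS = [ipaddress.ip_network("192.0.2.0/28")]
# A challenge fails a webhook as surely as a block: the sender cannot solve it.
BLOCKING_ACTIONS = {"block", "challenge", "jschallenge"}

# Constructed sample events, one JSON object per line (assumed export format).
SAMPLE_EVENTS = """\
{"Datetime":"2024-05-01T12:00:01Z","Action":"block","ClientIP":"192.0.2.5","ClientRequestPath":"/webhooks/asaas","Source":"firewallManaged"}
{"Datetime":"2024-05-01T12:00:09Z","Action":"block","ClientIP":"192.0.2.5","ClientRequestPath":"/webhooks/asaas","Source":"ratelimit"}
{"Datetime":"2024-05-01T12:01:30Z","Action":"block","ClientIP":"198.51.100.23","ClientRequestPath":"/webhooks/asaas","Source":"country"}
{"Datetime":"2024-05-01T12:02:00Z","Action":"block","ClientIP":"203.0.113.9","ClientRequestPath":"/wp-login.php","Source":"firewallManaged"}
{"Datetime":"2024-05-01T12:03:00Z","Action":"allow","ClientIP":"192.0.2.5","ClientRequestPath":"/webhooks/asaas","Source":"ip"}
"""


def triage_blocked(lines, webhook_path, known_nets):
    """Summarise blocked requests to webhook_path per client IP."""
    report = defaultdict(lambda: {"count": 0, "sources": set(), "known": False})
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("ClientRequestPath") != webhook_path:
            continue  # unrelated traffic, e.g. scanners hitting other URLs
        if ev.get("Action") not in BLOCKING_ACTIONS:
            continue
        ip = ipaddress.ip_address(ev["ClientIP"])
        entry = report[str(ip)]
        entry["count"] += 1
        entry["sources"].add(ev.get("Source", "unknown"))
        entry["known"] = any(ip in net for net in known_nets)
    return dict(report)


if __name__ == "__main__":
    result = triage_blocked(SAMPLE_EVENTS, "/webhooks/asaas", KNOWN_ASAAS_NETS)
    for ip, e in sorted(result.items()):
        status = "in known range" if e["known"] else "verify before allowing"
        print(f"{ip}: {e['count']} blocked via {sorted(e['sources'])} ({status})")
```

The `sources` column shows which of the causes listed earlier (managed WAF rules, rate limiting, country restrictions) is responsible for each block, so the fix can target that feature.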


Completing the configuration

After adjusting the Cloudflare rules:

  1. Go to Integrations > Webhooks in your Asaas account.
  2. Reactivate the synchronization queue.
  3. Generate a new event.
  4. Check the Webhook logs.

If the configuration is correct:

  • HTTP 403 errors will stop occurring;
  • the queue will resume normal operation;
  • events will once again be delivered to your application.

It is not necessary to create a new Webhook. Simply fix the blocking issue and reactivate the existing queue.

