Hello,
Thank you for contacting Rank Math support and sorry for the inconvenience caused to you.
If this is the case then you can try to whitelist the IP 134.90.148.114, and the user-agent RankMathAPI/2.0.0; https://rankmath.com. You can do this in the firewall or at Cloudflare.
You can also refer to this guide:
https://rankmath.com/kb/api-http-400-error/
We hope that helps. Please let us know if you need help with anything else.
Thanks
Thanks a lot for your reply. So, just to clarify do you want me to add the Cloudflare firewall rule like this: https://i.imgur.com/sblszMd.png
or like this: https://i.imgur.com/jYmcizO.png
If you guys can provide the exact Cloudflare firewall allow settings, that would be really nice.
Hello,
Thank you for keeping in touch with us.
The first configuration you made should do. Could you please try if you are able to save the meta settings now?
Let us know how it goes. We are looking forward to helping you.
Hi Jeremy,
yes, it is working now. But not sure if and when it will get blocked again.
Hello,
I am glad that it is now working on your end.
The CF configuration you just added should work. If ever you will experience this issue again, please create a new ticket and we will be glad to help you.
If you don’t mind me asking, could you please leave us a review (if you haven’t already) on https://wordpress.org/support/plugin/seo-by-rank-math/reviews/#new-post about your overall experience with Rank Math? We appreciate your time and patience.
Thank you.
Hey Jeremy,
I’m sorry but the Firewall Rule you recommended didn’t work at all. So, you recommended using this firewall rule: https://i.imgur.com/sblszMd.png and despite it being deployed Cloudflare is still blocking calls to `
/wp-json/rankmath/v1/updateMeta`
In fact with the above firewall rule deployed it doesn’t even pick up this request: https://i.imgur.com/2AHFGl6.png
So, basically, that firewall rule is absolutely not working.
BTW, here is what’s happening in the browser network tab:
https://i.imgur.com/Xq3TbGP.png
https://i.imgur.com/vkoW5uM.png
After this I tried creating another Firewall Rule like this: https://i.imgur.com/FzfBLI4.png
But that continues blocking the request. When I checked Cloudflare log, I saw CF is initially allowing the request based on my firewall rule and then blocking it based on CF OWASP Core Ruleset. Screenshot: https://i.imgur.com/glg0oFV.jpg
So, basically my firewall rule is not serving it’s purpose. Then I checked: https://developers.cloudflare.com/firewall/cf-firewall-rules/actions#supported-actions where it says:
The scope of the Allow action is limited to Firewall Rules; matching requests are not exempt from action by other Cloudflare Firewall products, such as IP Access Rules, WAF, etc.
Finally, I had to make a new CF Page Rule like this: https://i.imgur.com/LOW7F50.png which actually worked. But not sure if this is the right thing to do. You guys should really test the plugin thoroughly with Cloudflare Firewall in place and provide a proper guide on how to handle Rank math when using Cloudflare.
Looking forward to your reply.
Hello,
Thank you for the update and suggestions here. Could you please confirm that the updatemeta is currently not being blocked?
In this case, you have disabled the security on WAF which are web requests to your domain that filter out undesired traffic based on rule sets that you specify.
Do let us know if you are still facing a challenge here.
Thank you.
Could you please confirm that the updatemeta is currently not being blocked?
– Yes after adding the page rule shown above it is not being blocked anymore.
In this case, you have disabled the security on WAF which are web requests to your domain that filter out undesired traffic based on rule sets that you specify.
– Yes I had to disable it for that request only: https://i.imgur.com/LOW7F50.png
But not sure this is the right thing to do. As you can understand it seems quite hacky that I have to disable security and firewall on the Rank Math API call for it to work with Cloudflare Firewall.
I would really appreciate if you guys can test it on a CF WAF enabled account or show it to any dev team member to see if this is the right thing to or something else can be done? As this doesn’t feel like the right thing to do.
I added that page rule for the system to work in the time being while a more accurate solution can be found.
Hello,
Thank you for getting back to us.
As we have illustrated on our guide here: https://rankmath.com/kb/meta-data-not-saving/
This is a common issue and we always recommend whitelisting the file using the specific platform that has the firewall.
All in all, we appreciate your suggestion here, and please do allow me to push your suggestion to our product development team and we will get back to you.
Thank you
Hello,
We wanted to get back to you on this ticket to let you know, that whitelisting that route is the correct way to go about fixing this issue.
We understand your security concerns but that route is necessary to update the metadata on user’s websites and in case it’s getting blocked we need it whitelisted in order to save the data in the database correctly.
Hope this helps further clarify the situation.
If you have any other questions don’t hesitate to get in touch.
Thanks for confirming this. I think you guys should create a help article/docs about how to handle it inside Cloudflare so that non-technical people can just follow the steps. This will really help a lot of people. 🙂
Hello,
I have forwarded your suggestion to the relevant team.
If you do have another question in the future, please feel free to create a new forum topic, and it will be our pleasure to assist you again.
Thank you.
