Authorize.net webhooks and Cloudflare "attack mode"

Proflix — Mon, 08 Sep 2025 11:52:28 GMT

Hello,

We are using Authorize.net on a magento 2 site. We are being inundated by AI scrapers and need to restrict them. The conventional methods have failed to keep them out. Cloudlare has a mode “I’m Under Attack” which requires attachments to the site to verify that they are human. Unfortunately this break the Authorize.net webhooks.

If I could know the IP addresses that the webhooks were coming from I could create a rule to specifically allow these IP addresses. Can anyone help me get these IP addresses?

If anyone has a different/better solution I would love to hear it. When I search for solutions ho to solve this they suggest using features of Cloudflare that have been deprecated or are not part of the free package that we use.

Any help is greatly appreciated.

Thanks

Re: Authorize.net webhooks and Cloudflare "attack mode"

Rectee — Wed, 08 Oct 2025 11:21:39 GMT

JavaScript Challenges: When "I'm Under Attack Mode" is enabled, Cloudflare presents a JavaScript challenge to visitors to verify they are legitimate users and not bots. This challenge involves a brief "Checking your connection" screen and requires the client to execute JavaScript.

topic Re: Authorize.net webhooks and Cloudflare "attack mode" in Integration and Testing

Authorize.net webhooks and Cloudflare "attack mode"

Re: Authorize.net webhooks and Cloudflare "attack mode"