When using Cloudflare with Memberium, you may run into issues.
HTTP POSTs Failing
CloudFlare’s security options may block HTTP POSTs from your Infusionsoft app. This will result in actions such as password generation failing to succeed.
Memberium is designed to deliver personalized content to each individual logged-in visitor on your site. Cloudflare’s goal is to deliver the same content to all visitors on your site. Cloudflare may deliver private content intended for a logged-in visitor, to another logged-in visitor, or to a random user on your site.
Configuring The Cloudflare Firewall
Unfortunately, Cloudflare changes the user interface often enough that any screenshots here may be outdated. If you’re having trouble finding the setting, please contact support and we can join a screen share with you or you can provide us with your Cloudflare logins and we can make the updates for you.
In order to best support you, we’ll provide the information we know you’ll need. We recommend using that to configure the site based on the current settings they provide or work with Cloudflare customer support to get things properly set up. This same information may be useful for other caching services as well.
There are two main things you need to configure in Cloudflare…
You want to whitelist Infusionsoft / Keap in Cloudflare’s firewall:
Previously, it was possible to whitelist traffic from this IP Address knowing it was coming from Infusionsoft. Currently, HTTP POST’s can be sent from a wide range of IP’s, which is why whitelisting IP won’t work.
Instead of using IP Addresses for the whitelist, you should use the User-Agent to check for Infusionsoft. Basically, check if HTTP POST header data has “Infusionsoft” (without quotes) as the User-agent.
You want to set up rules in Cloudflare controlling which pages should bypass the caches:
The URL pattern should look like https://yourdomain.com/?operation=* where yourdomain.com should be changed to your domain.
- Forwarding: Off
- Custom Caching: Bypass Caching
- Browser Cache TTL: Lowest Possible Time
- Always Online: Off
- Apps: On
- Performance: Off
- Security: Off
- Security Level: Essentially Off
- Browser Integrity Check: Off
TEST! TEST! TEST!
Test the various HTTP POST operations from your Infusionsoft app and ensure that they are reaching your Memberium site.