HTTP Post not going through / Timeout related error message

Andrew Pfund — 

Example of the type of error message you’ll see:

org.apache.commons.httpclient.ConnectTimeoutException: The host did not accept the connection within timeout of 5000 ms

In this situation it is most likely that your hosting provider is blocking any posts from Infusionsoft because their IP address appears on certain web spam bot lists.

In this situation you’ll need to contact your hosting companies support team and have them add 208.76.24.0/24 or 208.76.24.* to your servers white list (the type of ip address that you add depends on your whitelist format).

Infusionsoft no longer send HTTP posts from their static IP address. Previously, it was possible to whitelist traffic from this IP Address knowing it was coming from Infusionsoft. Currently, HTTP POST’s can be sent from a wide range of IP’s, which is why whitelisting IP won’t work.

Instead of using IP Addresses for the whitelist, you should use the User-Agent to check for Infusionsoft. Basically, check if HTTP POST header data has “Infusionsoft” (without quotes) as the User-agent.

User-Agent is a field that’s included in the HTTP POST Header. HTTP Post Header contains details about the post, such as IP address post sent from/server info/client info (the raw body contains the details of the post such as contact ID/email etc).

Screenshot of a HTTP POST header data from a test HTTP POST

In order to set up the User-agent whitelist, you will need to reach out to your web hosting provider directly on how to set this up or reach out to security plugin developer/support on how to whitelist User-agent (in case you use security plugin).

In case you use Cloudflare, you should be able to whitelist User-agent, since they already have a way of doing that:

Whitelisting User-agent in Cloudflare

After this the HTTP POST requests should be reaching your server without any problems. Please check the result and confirm that the website functionality is working as expected (for example check to see if a newly created user is able to log in with their auto generated password, etc).