RSFirewall! blocks PayPal responses

If you are encountering this scenario, there are several solutions available in order to create an exception in the component so that the responses are allowed to pass the security filters.


The first solution is to use the Exceptions feature. This feature allows you to set exceptions for the security filters applied by the component. We recommend adding a URL exception for this case. The configuration of the exception should be similar to:

  • Exception Type - URL
  • Use regular expressions - No
  • Match - the exact URL where the PayPal response will be received (most components or plugins have a fixed URL where the response will be received)
  • Skip PHP Protection - Yes
  • Skip SQL Protection - Yes
  • Skip JS Protection - Yes
  • Skip Upload Protection - Yes

The second solution is to make sure that the empty User Agents option is not select for the Deny access to the following User Agents setting (Components > RSFirewall! > Firewall Configuration > Active Scanner). The response from PayPal is sent without an User Agent or with a blank one.


Another option would be to add the IP the PayPal response is received from to the component's Whitelist, but this is not such a viable solution since the response is not always received from the same IP. You can add an IP to the Whitelist by going to Components > RSFirewall! > Whitelist/Blacklist, clicking the New button and entering the IP in the new window.

Was this article helpful?

Yes No
Sorry about that

You Should Also Read

Scrambled tags (iframe becomes i-frame) HOT

Exceptions HOT

RSFirewall! doesn't allow me to edit my template files

RSFirewall! interferes with a component I'm using