Bypass API calls to avoid blocking them

Resolved niesan
(@niesan)

4 months ago

We use the shippypro plugin to send orders for shipping, but it now blocked after installed the Advanced IP Blocker with default settings blocking the acces with REST API. API request to fetch orders is returning a 403

Chatted with shippypro support they wrote this below. Can you create a guide to create a rule like that?

If your firewall or security system supports rules based on HTTP headers, please configure it to allow requests with the User-Agent header set to ShippyPro.

“next step is to whitelist ShippyPro API calls properly to avoid blocking them.”Because ShippyPro uses dynamic IP addresses, the most effective way to whitelist our requests in your firewall is to create a rule based on the User-Agent: ShippyPro header. This allows your firewall to recognize and allow traffic from ShippyPro regardless of the changing IP addresses”

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author IniLerm
(@inilerm)

4 months ago
Hi @niesan,

Thank you for reaching out.

This is a very common scenario with external shipping services. Since they connect automatically using dynamic IPs, security plugins treat them as bots unless we explicitly tell the firewall they are trusted.

Here are two ways to solve this, from easiest to most robust.Plan A: Standard User-Agent Whitelist (Easiest)
1. Go to Security > Blocking Rules.
2. Click on the User Agents tab.
3. Look for the box on the right side labeled “Whitelisted User-Agents List”.
4. Add the following line (exactly as their support requested):
  ShippyPro
5. Click Save User-Agent Lists.
Try connecting ShippyPro now. If it works, you are done!

Plan B: Advanced Rule (The “Nuclear” Option) <– Recommended

If Plan A doesn’t work (because some security layers like REST API protection might run before the standard whitelist check), use this method to force a total bypass for ShippyPro.
1. Go to Security > Blocking Rules > Advanced Rules.
2. Click + Add New Rule.
3. Rule Name: ShippyPro Whitelist
4. IF:
  - Type: User-Agent
  - Operator: Contains
  - Value: ShippyPro
5. THEN Action: Select Allow (Bypass Security).
6. Click Save Rule.
This rule tells the firewall: “If the visitor identifies as ‘ShippyPro’, ignore all other security checks and let them in immediately.” This is the method recommended by their support team.

Let me know if this resolves the connection!

Best regards,

Advanced Ip Blocker Team
- This reply was modified 4 months ago by IniLerm.
- This reply was modified 4 months ago by IniLerm.
Thread Starter niesan
(@niesan)

4 months ago

thank you very much for your assistance and the quick response, much appreciated. I used the first solution “Whitelisted User-Agents List”. , worked as expected. Very easy.

And thank you for developing and sharing this fantastic tool to make all wordpress more secure in an easy to understand way. Still can’t understand this plugin is completely free. I have sent a donation to support. Keep up the good work.
Plugin Author IniLerm
(@inilerm)

4 months ago
Hi @niesan,

That is fantastic news! I am glad the “User-Agent Whitelist” solution worked smoothly for you. It is definitely the cleanest way to handle services like ShippyPro.

And thank you so much for your generous donation! It is support from users like you that allows us to keep this plugin free and constantly evolving without locking features behind a paywall. It truly means a lot to the development team.

If you have a spare moment, leaving a 5-star review would be amazing. It helps us grow and reach more people who need simple, powerful security.

👉 Rate Advanced IP Blocker here

If you ever need help with anything else, just let us know.
- This reply was modified 4 months ago by IniLerm.

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.