Web Server responses are divided into groups, 200-299, 300-399, 400-499, 500-599, etc. Each group is a related family of responses, 200 responses are normal, 300 are redirects, 400 are access denied or client errors, 500 are server errors, etc.
If you are receiving a 300 or 400 series error, then the HTTP POST from Infusionsoft is being blocked before Memberium can receive it. These errors are usually easily fixable, and we’ll walk through them below.
If you are receiving a 500 error, then the HTTP POST from Infusionsoft is being received, but something is causing a server crash and it will require some investigation. Contact us at Support with the details of how to reproduce the error.
We’ll go through the common errors below in order, and touch on how to solve them. The most common sources of errors are:
- Security and Anti-Virus Plugins
- .htaccess File Settings
- WPEngine Bot Filter
- Web Host Server Configuration
When you run across a 300 error, it means that the page that the HTTP POST is being made to is being redirected to another page. Infusionsoft’s HTTP POST system is fairly simple and unlike most systems cannot do redirects. If it runs into a redirect it will simply error and stop rather than going to the new URL. There are two main 300 errors, and you may run into either one; the differences between them are very subtle and unimportant for the purposes of solving this problem, and you can essentially treat them the same.
301 Moved Permanently or 302 Found / Moved Temporarily
This error is most often cause by one of two situations:
HTTP POST URL is Protected
If you are HTTP POSTing to a page that is protected, then you will need to find an unprotected page on your site to send the HTTP POST to. Any WordPress page or post URL will work equally well. We only use the homepage in our examples because it is the only page URL that we know exists.
HTTP POST URL is http:// on an https:// site
If you are HTTP POSTing to an http:// URL on an https:// site then you may have an .htaccess file, server configuration setting or script sending redirects to the secure URL. The solution to this is to change your HTTP POST URL to be https://
Unfortunately, Infusionsoft has compatibility issues with some SSL setups and may not be able to POST successfully to your URL either due to an incompatibility with your certificate issuer, or your server configuration.
We’ve seen errors such as: javax.net.ssl SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Memberium has no control over what SSL certificates Infusionsoft / Keap will accept and they won’t provide us a list of trusted certificate providers that we can share with customers like yourself.
In these cases, we recommend LetsEncrypt. We use those on our own staging and development sites, they’re free, and most any decent web host will have built-in support for them. We’ve not experienced any issues with certificates and HTTP POSTs.
When doing an HTTP POST with Infusionsoft, Infusionsoft is the “client”, and your WordPress web host is the “server” If you are attempting to do an HTTP POST from Infusionsoft to your website and are running into a 400 series error, this almost always and without exception caused by a security setting on your web host or WordPress site.
This error happens when your site or page requires “Basic Authentication” or “Basic Auth” and requires an extra username/password to access the URL. This is most commonly a setting on your web host or in a .htaccess file. It may also be generated by a plugin. It is often done when a site is under development to prevent people from viewing it. If you go to the URL in a new browser, you may see a dialog box like this come up:
If you don’t see the dialog then the restriction may be IP address based. In any case, you’ll need to either whitelist Infusionsoft’s IP address block, or disable the Basic Auth in order for the HTTP POST to be passed on to WordPress and Memberium for processing.
This error is similar to a 401 error, but the error happens when a client is not allowed to access the URL. If you’re running into this error then this is most likely a security plugin, or a security setting on your web host such as .htaccess. If it’s being generated by a security plugin, then you’ll either need to configure the security plugin to allow Infusionsoft to POST, or switch to a different plugin.
Infusionsoft no longer send HTTP posts from their static ip address. Previously, it was possible to whitelist traffic from this IP Address knowing it was coming from Infusionsoft. Currently, HTTP POST’s can be sent from a vide range of IP’s, which is why whitelisting IP won’t work.
Instead of using IP Addresses for the whitelist, you should use the User-Agent to check for Infusionsoft. Basically, check if HTTP POST header data has “Infusionsoft” (without quotes) as the User-agent.
User-Agent is a field that’s included in the HTTP POST Header. HTTP Post Header contains details about the post, such as IP address post sent from/server info/client info (the raw body contains the details of the post such as contact ID/email etc).
In order to set up the User-agent whitelist, you will need to reach out to your web hosting provider directly on how to set this up or reach out to security plugin developer/support on how to whitelist User-agent (in case you use security plugin).
In case you use Cloudflare, you shold be able to whitelist User-agent, since they already have a way of doing that:
404 Not Found
Most people are familiar with this error, and it simply means that no page is at the URL. If you’re getting this error in your HTTP POST, first check to make sure that the page you’re POSTing to exists. If the page exists and you’re getting this error then it is most likely a plugin or setting on your web host that is blocking the page from being accessed in a manner similar to a 403 error.
405 Method Not Allowed
This error is caused when your web host is configured to not allow HTTP POSTs to the URL, and only allows HTTP GET’s such as a regular web browser. This is most commonly caused by a setting in your .htaccess file.
Web Host Configuration
These files are usually found in the top level folder of your site and contain configuration information for your Apache web server. They usually contain a few standard lines of code for WordPress. Other plugins may add many more configuration settings here for caching or security. iThemes Security is notorious for permanently altering your .htaccess file and leaving it’s settings in place even after removal. If you have issues with your .htaccess file you may need to consult with your web host for assistance.
The first step is to disable all security plugins.
The second step is to examine your .htaccess file and look for configuration options that would block or redirect POSTs. iThemes Security for example does this, and leaves it’s security restrictions permanently in place even if you disable the plugin. You may have settings in here even if you have only run iThemes Security once, long ago.
The third step is to do a test HTTP POST and see if it succeeds:
If it does not succeed then there is a server configuration issue and you’ll need to contact your web host for assistance.
If the HTTP POST does succeed, then one of the plugins you disabled is blocking the HTTP POST. You’ll next want to turn on your plugins one-by-one, and re-test the HTTP POST each time until it fails again. Once it fails, you’ve found a problem plugin.
(Please refer to the “403 Forbidden” above regarding whitelist)
Check your plugin’s settings for an IP Whitelist feature. If your plugin is missing this feature please contact the plugin authors and request it. If your plugin does support this feature, then you’ll want to whitelist the following IP ranges An alternate format would be:
For iThemes Security, you’ll need to go to iThemes Security > Settings > Lockout White List, and add the above IP addresses. You’ll also need to go to iThemes security > Settings > Banned Users and uncheck the “Enable HackRepair.com’s Blacklist Feature”. Be sure to save your changes when done.
Once you’ve updated your plugin settings, re-try sending your HTTP POST. Verify that it’s working successfully before proceeding to the next plugin.
If your security plugin lacks any configuration features and the author is unresponsive or unhelpful, then we’d suggest trying one of the other security plugins listed above instead.
If you’re stuck or would like help, please contact Support so that we can help!