Payrix Pro Web Application Firewall Guidelines
Worldpay for Platforms uses a Web Application Firewall (WAF) to protect its production and sandbox environments, including the Payrix Pro portal and API. There are specific guidelines that might impose limitations on the types of interactions permitted with the Payrix Pro platform due to the WAF. This guide provides important rules to consider when attempting to access the Payrix Pro platform and its resources.
General Security Rules
Worldpay for Platforms uses a comprehensive set of environment-specific rules to block any detected attacks that match known attack patterns published by reputable industry sources, including The Open Worldwide Application Security Project (OWASP). These rules evaluate requests for correlations with various attack patterns frequently employed by spammers, abusive bots, crawlers, and similar fraudsters.
Worldpay for Platforms might make WAF configuration changes to adapt to observed threats and coordinate any changes with Partners as needed. In certain situations, implementing a change might be essential to counteract a detected attack without prior coordination. If you or your users encounter any difficulties accessing the Payrix Pro platform and suspect it might be related to a WAF issue, contact Payrix Pro Support.
Office of Foreign Assets Control Rules
The Office of Foreign Assets Control (OFAC) maintains a list of countries with various administered sanctions programs. Worldpay for Platforms maintains country-wide IP address blocks for these countries to prevent any activity on the platform. The table below lists the countries currently sanctioned by OFAC and blocked by the Payrix Pro platform:
Country | Two-digit ISO Code | Three-digit ISO Code |
Belarus | BY | BLR |
Burundi | BI | BDI |
Central African Republic | CF | CAF |
Cuba | CU | CUB |
Democratic Republic of the Congo | CD | COD |
Iran | IR | IRN |
Iraq | IQ | IRQ |
North Korea | KP | PRK |
Lebanon | LB | LBN |
Libya | LY | LBY |
Mali | ML | MLI |
Myanmar (Burma) | MM | MMR |
Nicaragua | NI | NIC |
Republic of the Congo | CG | CDG |
Russia | RU | RUS |
Somalia | SO | SOM |
Sudan | SD | SDN |
Syria | SY | SYR |
Ukraine | UA | UKR |
Venezuela | VE | VEN |
Yemen | YE | YEM |
Zimbabwe | ZW | ZWE |
Rate Limiting
Worldpay for Platforms enforces specific rate-limiting rules designed to protect certain pages and maintain optimal performance of the API server. See the established rate-limiting rules below:
Impacted Page | Request Threshold | Period | Block |
|---|---|---|---|
portal.payrix.com | 10 requests | 10 seconds | 30 minutes |