404 errors with IIS only when Cloudflare is proxying?

Hello,

I’m writing to see if anyone else has any experience with this. I get 404 errors from my IIS application when I access my site proxied via Cloudflare. If I disable Cloudflare (and the firewall rules on the IIS server), the application works fine. In case it helps, the server is an AWS EC2 instance with AWS EC2 security groups acting as the firewall.

Thanks in advance for any insights.

If you disable both, it works. What if you just disable one or the other? I’m just wondering if the IIS firewall looks at a Cloudflare request and says “Sorry, I don’t know what you’re talking about. Here’s your 404.”

If I disable the AWS firewall it doesn’t work and if I disable Cloudflare proxying without disabling the firewall it would not work because the AWS firewall has whitelist only rules for the Cloudflare IPs.


Do you have access to the server logs to see the requests that are generating 404s?

And…just to double check, you whitelisted the IPs from this list?

Yes, I checked. Here’s a copy of the AWS rules https://pastebin.com/0VqNfk6B

Pastebin says it’s a private paste, but I’ll take your word for it.

Maybe someone else has some ideas on what the problem is, but hopefully your logs can provide some insight into why it’s a 404.

I fixed the pastebin. I don’t see anything in the logs that would explain the 404. Maybe I’m looking in the wrong place.

The site loads locally (127.0.0.1) but not remotely via Cloudflare.

Putting the solution here in case someone else needs it.

The SSL mode for the domain was set to Flexible, which will cause this error if there is ANY certificate being presented by the origin. When the SSL mode is Flexible, the origin webserver cannot present any certificate, even self-signed or otherwise invalid. You can set it to Full (non-strict) and it will work with any certificate.

We installed the Cloudflare-generated origin certificate but never changed the SSL mode to full which was causing the 404 error.
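
A diagnostic for the mismatch described in the solution above, as an added example that is not from any poster in the thread: it requests the site from the origin the way Cloudflare does under each SSL mode (plain HTTP on port 80 for Flexible, HTTPS on port 443 without certificate validation for Full) and compares the status codes. The origin IP and hostname are placeholders, and the function names are made up for this sketch.

```python
import socket
import ssl

def probe(origin_ip, site_host, use_tls, port=None, timeout=5):
    """Return the status code the origin gives for site_host, or None if unreachable."""
    port = port or (443 if use_tls else 80)
    try:
        sock = socket.create_connection((origin_ip, port), timeout=timeout)
        if use_tls:
            # Full (non-strict) accepts any origin certificate, so skip validation.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock, server_hostname=site_host)  # sends SNI
        with sock:
            req = f"GET / HTTP/1.1\r\nHost: {site_host}\r\nConnection: close\r\n\r\n"
            sock.sendall(req.encode("ascii"))
            status_line = sock.makefile("rb").readline().decode("latin-1")
        return int(status_line.split()[1])
    except (OSError, ValueError, IndexError):
        return None

def explain(mode, http_status, https_status):
    """Describe what Cloudflare would see from the origin in 'flexible' or 'full' mode."""
    flexible = mode == "flexible"
    seen, other = (http_status, https_status) if flexible else (https_status, http_status)
    leg = "HTTP/80" if flexible else "HTTPS/443"
    if seen is None:
        return f"{mode}: origin not reachable on {leg}"
    if seen >= 400 and other is not None and other < 400:
        return (f"{mode}: {leg} returns {seen} but the other leg returns {other}; "
                "SSL mode and site bindings disagree")
    return f"{mode}: {leg} returns {seen}"

if __name__ == "__main__":
    ORIGIN_IP = "203.0.113.10"     # placeholder origin address
    SITE_HOST = "app.example.com"  # placeholder hostname bound in IIS
    http_s = probe(ORIGIN_IP, SITE_HOST, use_tls=False)
    https_s = probe(ORIGIN_IP, SITE_HOST, use_tls=True)
    for mode in ("flexible", "full"):
        print(explain(mode, http_s, https_s))
```

Run it on the server itself or from an address the security group allows, since the firewall in this thread only admits Cloudflare IPs.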

