Some setting in Cloudflare is prohibiting one of my website’s APIs from working correctly. It must be some sort of default setting, as I haven’t customized this domains Cloudflare’s settings other than the DNS at all. I searched around but I can’t seem find it. I added the APIs IP address it uses to WAF as allow and I went into my server and added them to ipTables. After trying all security protocols etc on my side I simply took the domain off Cloudflare protection and it worked. Anyomne else have a similar issue?
Oh for reference sake here is what I’ve got going on this server/website:
Wordpress - Client (I know, I know but it’s my client’s mandated platform.)
WPMU DEV - These are the plugins that aren’t working correctly. Nifty SEO tool when it’s up and running, as well as an automated Image Compressor. ( Both Tools are malfunctioning)
PHP 8.1 & Most the Common Mods
Mysql 8.0.33
Ubuntu 20.10
nginx
UFW & IpTables, Etc.
Hi,
Please visit your website and perform the action that would normally result in a request to the Rest API being blocked. Make sure you have Developer Tools open (F12).
If the request is blocked with a 403 status code:
- Wait a few minutes
- Go to Dashboard > Security > Events. If the request was in fact blocked by Cloudflare, you should find an event related to that block action. Depending on your site traffic, you may need to filter by IP address, User Agent, URI Path, etc. to find it. Check the “Service” that blocked it.
- If this was
a) Bot Fight Mode, disable this feature.
b) Super Block Fight Mode, create a WAF Custom Rule toSkipit for the specific situation, with relevant conditions such as the URI Path and the visitor’s IP, for example;
c) WAF Managed Rule, you need to create a WAF Exception for that rule. See: Add a WAF exception in the dashboard · Cloudflare Web Application Firewall (WAF) docs
d) WAF Custom Rule, you need to edit it accordingly.
If instead the request was unsuccessful due to a 5XX error, please see this Community Tip for how to investigate and mitigate the issue:
That is quite brave of you. 20.10 has reached end of life in July 2021, meaning it hasn’t received any updates since then. You should really use Ubuntu LTS versions in a server environment, which receive support for 5 years.