API Authorization Headers appear blocked through WAF but work fine when hitting origin directly

So I’ve deployed an API behind Cloudflare. I’m not sure what I’ve done but after testing my code local v prod, curl v postman, etc etc My api Doesn’t work unless I hit the origin directly. So to illustrate

DOES NOT WORK:
Client <-SSL/HTTPS-> Cloudflare WAF <-SSL/HTTPS-> Origin

DOES WORK:
Client <-SSL/HTTPS-> Origin

I’m not sure why this is happening and after going through my settings, searching stack overflow, double checking my code I’m out of ideas. Any thoughts?

Is this an HTTPS request over Port 443?

Have you checked the Firewall Event Log for that domain at dash.cloudflare.com?

image
I have Full SSL/TLS Configured and when testing with my postman client, I disabled SSL Verification so I can make the requests without any hubbub and it worked.

RE Firewall, I’ve reviewed the firewall and there There’s no instance of my TEst machines IP address. and when I tail -f The access log I can see my request come through in real time

Are you saying it works now?

No sir, to try to say it better, The API Works as intended with I make requests against the server by it’s IP address, but when the requests are proxied through cloudflare, it does not work and there’s a lot of strange behavior. Is there a “reset” button or something like that for a website in cloudflare?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.