API requests no longer working after starting with cloudflare

Every night we run a script locally that updates inventory levels and other data via API on standardrestaurant.com

Since we moved our site behind cloudflare, this process has no longer worked. At first, I just figured it was part of the transition (propagation, etc…), but extra time hasn’t done the trick.

I checked the community, and it looks very similar to what this user experienced:

In our case, it’s different since it was https before the transition, and so this hasn’t changed for us.

I’ve tried changing the status of the domain’s A record from proxied to DNS Only, but that doesn’t make a difference.

When we run the script, we don’t get an error message, the request just eventually times out.

We are able to access the site just fine, and are able to SSH just fine. It’s just this script that seems to be having problems.

Nothing in our firewall events activity log shows anything from the IP addresses of the machine sending the requests.

What else can we check?

Is there a way to run the API request in verbose mode?

@sdayman: Here’s the output (cURL):

< HTTP/1.1 100 Continue
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* We are completely uploaded and fine
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 200 OK
< Date: Wed, 25 Nov 2020 20:50:38 GMT
< Server: Apache/2.4.29 (Ubuntu)
< Set-Cookie: PHPSESSID=eg4bgd2ime0fkci7mpdgs7kvdo; path=/
< Expires: Wed, 11 Jan 1984 05:00:00 GMT

Earlier today, the hangups continued. Now we’re actually seeing updates happening, provided we keep the updates limited to 100 products or so. So, it looks like it’s not actually an access problem, but a processing problem. No idea why 100 products used to take a second or so and now take 1.5-2 minutes or just fail.

One thing we have noticed is that the output returned by the API is huge. Not sure why that is happening, but it’s probably got something to do with it.

So, probably not a cloudflare issue in the end.


1 Like

Could you please specify if it’s REST, GraphQL, or gRPC API?
It seems like you have a simple AJAX/JSONP API, at least, as I see on the main page you mentioned:

If JSON request bodies cause it, the reason is probably quotes and other special characters like Unicode escapes (\u). You have to protect APIs by API security solutions, not a WAF.


You posted the response, and can we take a look at the request? It’s required to understand which signature/RegExp was triggered and why.


Thanks for the time, but it looks like we found it. Turns out it was something going on internally that was creating the time difference. Cloudflare was working just fine the whole time. Thanks again!

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.