I use Aweber to email blog updates (blog broadcasts) to my email subscribers whenever I post a new topic. It works by reading my RSS feed. However since installing Cloudflare on my site Awber cannot access the site.com/feed URL even though I can view it in a browser. What settings are required to allow Aweber access to my RSS feed. I have set the Cloudflare security level to “essentially off” but this doesnt seem to work.
I don’t recommend setting your global security level to “essentially off”, that essentially disables all protection against DDOS, unless the DDOS is volumetric enough to damage Cloudflare’s own network.
I recommend instead creating a page rule for the RSS feed with the “disable security” page rule. See if it works after that.
Thanks for the tip. I tried your idea and unfortunately it didnt work. Any other ideas?
Can you check the Firewall Events log for activity on that URL?
I don’t see any instructions from them on whitelisting IP addresses, so you’ll have to either ask them about their IP addresses, or dig through the Firewall log.
Under Firewall event log I selected Rule ID for the URL http://www.learningtoplaytheguitar.net/feed/ and No Firewall Events were listed. Selecting Ray ID (what is that?) gives me an error code. For the IP address would that be the Aweber IP used to access the RSS feed?
Also clarify when you say “I don’t see any instructions from them on whitelisting IP addresses, so you’ll have to either ask them about their IP addresses, or dig through the Firewall log.” Is the them Cloudflare of Aweber? Sorry just unsure of what you’re recommending here.
Would the IP Access Rules be a solution if I can get the Aweber IP used to crawl RSS feeds?
If you can figure out at what time Awber tried to reach your feed, you might find a Firewall Event that blocked that attempt.
If you know the IP address(es) they use, you can Whitelist them to let Awber read your feed.
OK cool. Am asking Aweber for their IP now and will see how it goes.
I poked around www.learningtoplaytheguitar.net/feed/.
If I just curl it with ‘curl -v’, I get a 403 Forbidden error. I don’t have the IP of the original server to send the request directly to there, to see if the behavior repeats (and if so, not Cloudflare’s fault).
If I use curl and throw in a browser’s user agent (“Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:188.8.131.52) Gecko/20100401 Firefox/3.6.3”), I get a proper RSS output.
So it seems someone - could be Cloudflare, could be your own server, is looking at the User Agent sent from the client, and decides to return 403 on some user agents. See in your website if you have control over the feed to “protect” it from crawlers etc, that might be enabled, and could be affecting your RSS reader. I still haven’t seen Cloudflare errors without an actual promotion to Cloudflare’s services (though that’s evidence to nothing), and your 403 doesn’t have such promotion, just a plain 403 of common servers, so that’s why I would check your origin first… on the other hand maybe Cloudflare shows such promotions only if they detect the client to be a browser and not something like “curl”
The issue was in the .htaccess file blocking access to the RSS feed. All sorted now thanks!