Blocking external IPs from my website

What is the name of the domain?

vrsystem.info

What is the issue you’re encountering

Cloudflare is blocking access to the website

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

Many of my clients are having access blocked to my website, which is on the Cloudflare service.

Link to access the tracert showing the timeout.

How do I release the specific IP for access to my website?

I went in — Security > WAF > Tool — and I added the client’s IP there, but it still doesn’t access the site.

if I disable Cloudflare everything works normally.

Screenshot of the error

I can see and access your Website normally.

Could you share a screenshot of the error which your Website visitors are experiencing? :thinking:

Sometimes our Security settings at Cloudflare for our Website could cause such issues.

You should be able to see the challenged or blocked event under the Security tab → Events at Cloudflare dashboard for your zone and know exactly which security option was triggered. Could be Bot Fight Mode or Browser Integrity.

Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …). If yes, could you share some details which service was triggered that blocked you?

  • you should see your origin host/server IP out there and user-agent like WP-cron or WordPress/version
These are the prints showing the errors:

Api off

![0](https://p190.p3.n0.cdn.zight.com/items/ApuqJvGZ/51132ee4-35af-466b-8e09-1b6324fb73e5.jpg?v=3a30298c5977bb7391dcb1e493e8661f)


Site off

![1|642x500](https://p190.p3.n0.cdn.zight.com/items/NQu9NWJ4/23a501f5-9e5d-4d37-9e8a-c76dab9229ca.jpg?v=df31df6b0a967012a36493b99ebf990f)


This all happened even though I had created a route in the WAF to skip all requests from Brazil.

![1a|690x233](https://p190.p3.n0.cdn.zight.com/items/6qu1Zb8E/a44805fc-da4b-4476-b1d7-afcda08e954e.jpg?v=16167f5940196acb74433612394b44cb)


I did a tracert on my domain from this computer without access and it is stopping at one of your servers.

![2|690x372](https://p190.p3.n0.cdn.zight.com/items/12ujg7AO/7d25fb4e-627b-49ae-92b9-b427197423dd.jpg?v=46fd9e7bada7308983cb48bfebbe4122)


ip 172.68.16.89 say WhoIs that it is from Cloudflare

![3|632x500](https://p190.p3.n0.cdn.zight.com/items/eDuZ5rjO/3137fe77-a4e9-4906-8501-98ee5bdf8572.jpg?v=f14a9772ed2c5df83fdcabf12d073ed1)


There is no record in the events

![4|690x236](https://p190.p3.n0.cdn.zight.com/items/QwuJL8AG/7e7d8ad4-583a-4eaa-a794-792beebe007e.jpg?v=0dcb21b86baa1b2e5e7d948793f4ed2e)


After I stopped CloudFlare the site opened and the API service started working again.

![5|690x434](https://p190.p3.n0.cdn.zight.com/items/xQuJqR7E/121796cb-a97d-4b11-ba62-d9e12f9c62e2.png?v=745c1001dd952a09821e8d1096f5f256)

It seems that requests from this IP do not even pass the WAF rules.