Bot protection firewall blocking our office

General
1

When trying to access website from our office, we received this message in Chrome:

Bot Protection Firewall Blocked because of Malicious Activities Reference ID: 1159805670636965b1453f6.

I am able to access website from mobile phone network. So something is blocking our office IP. I checked the Cloudflare firewall settings and don’t see what is blocking our traffic. Any suggestions?

2

My best guess is either Bot Fight Mode or Browser Integrity Check feature challenges or blocks the request :thinking:

Could you share what options have you got selected for:

  • Security Level
  • I am under an attack mode
  • Bot Fight Mode
  • Browser Integrity Check
  • Custom Firewall Rules
  • Managed WAF Rules (if using a paid plan)

You should see the challenged/blocked firewall events in the firewall events if you navigate to the Cloudflare dashboard → Security → Overview and lookup for Firewall events for the past 24hours or so. Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …).

Could you share some details which service was triggered that blocked you? :thinking:

You could determine if this behaviour continues even by using a “Pause” option at Cloudflare as follows:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect, then make sure site is working as expected with HTTPS.
  4. Re-try with updating.
  5. Upon success, un-pause and continue using Cloudflare.
1 Like
3

Thanks for the reply. I had firewall rules blocking traffic outside USA and Canada. I also had on the Browser Integrity Check. Here is the json file from the last Security Overview Firewall Event listed:

{
“action”: “allow”,
“clientASNDescription”: “MTO”,
“clientAsn”: “21548”,
“clientCountryName”: “CA”,
“clientIP”: “[REDACTED BY ME]”,
“clientRequestHTTPHost”: “[OUR WEBSITE]”,
“clientRequestHTTPMethodName”: “GET”,
“clientRequestHTTPProtocol”: “HTTP/2”,
“clientRequestPath”: “/favicon.ico”,
“clientRequestQuery”: “”,
“datetime”: “2022-11-07T20:18:03Z”,
“rayName”: “7668c1822a01fa1e”,
“ruleId”: “6b5bc2926506425ead8353d9a1b7fbf0”,
“rulesetId”: “”,
“source”: “firewallrules”,
“userAgent”: “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36”,
“matchIndex”: 0,
“metadata”: [
{
“key”: “filter”,
“value”: “098590c9920f40aba03a6fffb2f25224”
},
{
“key”: “type”,
“value”: “customer”
}
],
“sampleInterval”: 1
}

I then turned off the Browser Integrity Check and all the firewall rules. But I am still getting the same error when trying to access the website from our office. It’s been around 10 minutes. I tried on Chrome and Firefox and with a shift F5.

5

Also to answer your other questions:

  • Security Level: it was Medium
  • I am under an attack mode: it was off
  • Bot Fight Mode: it was off
  • Browser Integrity Check: it was on
  • Custom Firewall Rules: a few rules were active
  • Managed WAF Rules (if using a paid plan): not available
6

UPDATE: I visited my webhost Cloudways and turned off Bot Protection. The description of Bot Protection is: Bot Protection ensures that your WordPress website remains completely safe and secure. It blocks hackers & bots before they harm your site.

It worked. We can see our website again from the office.

7

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.