CF gives a 403 response instead of a 404 error

Hi.
My server, when accessing pages that do not exist, gives a 404 response. After connecting the CF, a 403 response began to be returned, which redirects to a 404 page on my server. As a result, SEO bots receive a 403 response.
How to make CF respond 404 for these requests?

for example
https://www.plastika-okon.ru/okna/gotovye-okna2/

I get 404 from the URL given.

Most probably Cloudflare was blocking bot-like traffic. You need to check the firewall events and see if there are any blocked requests.

Tips: copy the cf-ray value (without -ARN) and use it to filter the firewall events.

1 Like

There is a difference bewteen the 403 and 404 error.

403 Forbidden ( RFC7231 )

If you’re seeing a 403 error without Cloudflare branding, this is always returned directly from the origin web server, not Cloudflare, and is generally related to permission rules on your server. The top reasons for this error are: 1. Permission rules you have set or an error in the .htaccess rules you have set 2. Mod_security rules. 3. IP Deny rules Since Cloudflare can not access your server directly, please contact your hosting provider for assistance with resolving 403 errors and fixing rules. You should make sure that Cloudflare’s IPs aren’t being blocked.

Cloudflare will serve 403 responses if the request violated either a default WAF rule enabled for all orange-clouded Cloudflare domains or a WAF rule enabled for that particular zone. Read more at What does the Web Application Firewall do? Cloudflare will also serve a 403 Forbidden response for SSL connections to sub/domains that aren’t covered by any Cloudflare or uploaded SSL certificate.

If you’re seeing a 403 response that contains Cloudflare branding in the response body, this is the HTTP response code returned along with many of our security features:

  • Web Application Firewall challenge and block pages
  • Basic Protection level challenges
  • Most 1xxx Cloudflare error codes
  • The Browser Integrity Check
  • If you’re attempting to access a second level of subdomains (eg- *.*.example.com ) through Cloudflare using the Cloudflare-issued certificate, a HTTP 403 error will be seen in the browser as these host names are not present on the certificate.

If you have questions contact Cloudflare Support and include a screenshot of the message you see or copy all the text on the page into a support ticket.

404 Not Found ( RFC7231 )

Origin server was unable or unwilling to find the resource requested. This usually means the host server could not find the resource. To serve a more permanent version of this error one should use a 410 error code.

These errors typically occur when someone mistypes a URL on your site when there is a broken link from another page, when a page that previously existed is moved or removed, or there is an error when a search engine indexes your site. For a typical site, these errors account for approximately 3% of the total page views, but they’re often untracked by traditional analytics platforms like Google Analytics.

Website owners usually implement a custom page to be served when this error is generated.

Cloudflare does not generate 404s for customer websites, we only proxy the request from the origin server. When seeing a 404 for your Cloudflare powered site you should contact your hosting provider for help.

So both error codes mean trouble and indicate a problem

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.