Cloudflare blocked our VPS, cant access anything

We have an Ubuntu VPS on the IP 185.225.232.253 and we use Cloudflare on most of our sub-domains, we have apps such as Gitlab, Grafana or Strapi.

When they all connect to each other through domain, they give error because Cloudflare blocked our IP and it’s returning the WAF captcha internally. This is also happening with external SSO providers such as Jumpcloud and they use Cloudflare for their OAuth provider.

Since our IP is blocked by Cloudflare globally, we’re failing to login to the mentioned apps with Jumpcloud because of the captcha. We contacted their enterprise support but they said we need to contact Cloudflare about it.

Cloudflare blocked our IP globally and we even had to allowlist it in our WAF settings. I never seen this issue happen until yesterday.

In attach you will see an image where our Gitlab SSO fails to login to Jumpcloud because it returned a Cloudflare captcha page as response. I will also attach an image showing our Security blocking our IP and how it says it has a “bad score”, before we allowlisted it.

Please help us out.


Given that it matched the service “Security level” and the Rule ID is “badscore”, I would say that your IP address has a too bad score, for the given “Security level” you have chosen for your website.

Your options are the following:

  1. Reduce the “Security level” for your site.

  2. Add exceptions for the IP address(es) you need to allow, regardless of what history the IP address(es) may have had.

If you’re also seeing the WAF captcha when visiting someone else’s website through this IP address, you would need to take it up with the individual website owner, to see if they are willing to adjust their rules for you.

2 Likes

I don’t get it, our IP was just spamming our self-hosted S3 server from the NodeJS app hosted on the VPS by uploading files that we create. They’re both using Cloudflare DNS. For this reason, our IP got a “bad score” for doing something on itself?

We already contacted Jumpcloud and they said we need to contact Cloudflare and ask for our IP to be cleared out, and you’re saying I should talk to them. I am stuck in a loop here…

If Cloudflare staff could just check out their or our logs they’d see that it wasn’t doing any scraping or something that would make it get a WAF… It’s ridiculous

I would normally have said:

However, I would also like to introduce you to @sdayman’s very good analogy to the situation:

  1. For the first screenshot:

It seems like access was attempted to oauth.id.jumpcloud.com, and that this request was being challenged by the WAF.

That is a decision made by Jumpcloud, and their current WAF configuration.

Only Jumpcloud can help you there, assuming they want to.

  1. For the second screenshot:

The access to the dance party wasn’t dancing that well, which is due to the WAF configuration that the operators of the dance party domain has.

If the operator has set their “Security level” set to High, but that the IP address has a score, that means that the IP address will be challenged already with a “Security level” on Low, or greater, then this WAF configuration is obviously gives a conflict, if you don’t want the specific IP address to be challenged.

I know very well how sad it is to be passed back and forth.

The above is the reality.

The access, according to your second screenshot, was done from AS51167 Contabo GmbH.

AS51167 Contabo GmbH classify as a hosting / cloud provider.

The inexpensive hosting / cloud providers often attract quite a bit of abusive traffic, because of their pricing.

A lot of website owners therefore restrict traffic from hosting / cloud providers, and especially the inexpensive (and most problematic) ones.

It is indeed ridiculous that you’re downvoting posts just because you can’t take the awful truth.

Cloudflare cannot do anything more than the above, to suggest you to contact Jumpcloud (e.g. the website owner), when you have issues regarding their website.

Good luck!

4 Likes