Cloudflare blocking cloudflare workers from making requests

I am trying to make a request to a website that serves a JSON object using cloudflare workers however I get:

This website is using a security service to protect itself from online attacks

I’m assuming some other cloudflare worker is acting nefariously and ruining it for the rest of us? How do we resolve this?

Welcome to the Cloudflare Community. :logodrop:

How do you know that your Cloudflare Worker isn’t considered nefarious and is the one ruining it for everyone else?

In all seriousness, if it is your site, you will need to find what rule is blocking your connecting and implement a means of exempting your own connections. If it is not your site, you will need to coordinate with the site operator to achieve that same end, assuming that they are amenable to your goal.

re: How do you know that your Cloudflare Worker isn’t considered nefarious and is the one ruining it for everyone else?

Two reasons:

  1. I’m in a dev environment making 1 single request manually. So it’s hard to imagine this is a nefarious act.
  2. The website in question’s main purpose is to serve this JSON to API’s.

I’m not really asking for help, rather reporting a bug. Seems odd that cloudflare security measures are blocking my single request API call to a website where it’s main purpose is serving JSON to others.

Cloudflare doesn’t block anything. Site operators are the ones who configure their own Cloudflare rules and are the only ones who can share their reasons for choosing to reject your traffic.

I have traffic that originates at a location where the ISP offers no IPv6. That site uses Hurricane Electric Tunnel Broker to route its IPv6 traffic. Occasionally it results in access issues, some via Cloudflare tools. In the one instance I have encountered so far where the site used Cloudflare, the reason was clear because the page indicated that ASN6939 was blocked. Other sites aren’t as clear with their explanation. Google simply returns a 403 and lets you figure it out by yourself. Some Cloudflare messages are similarly vague.

The point is though, that it is a feature, not a bug. If you are confident that the behavior is not consistent with the wishes of the site operator, you should definitely get in contact with them, so they can correct their configuration. They may not be aware of the issue.

Just going to have to agree to disagree on this one. I guarantee you this site operator does not have specific rules set in place that say: "block cloudflare workers simple fetch(url).json() calls.

There are plenty of scrapers that are successfully displaying data from this very same endpoint.

My point is: cloudflare workers seem to share the same IP across a single region. Maybe, just maybe, because of this, my simple worker is being blocked for a another cloudflare workers actions.

OR, cloudflare is inaccurately assigning security checks to my worker because, frankly, I have made less than 10 requests to this server.

Regardless of what rule the site operator has in place, they are only ones who can help you with it.

If someone else here has different information available, I have no doubt that it will be shared with you here.

1 Like

Unless you are the site operator you can’t make that guarantee. I know of at least one major Cloudflare customer who chooses to block all connections from Cloudflare workers for ‘security reasons’. Whatever…. Their site, their choices. But you have the data, the website operator has a dashboard to determine why the request was blocked. There isn’t any detail to suggest this wasn’t a choice by the site operator.

1 Like