Cloudflare Blocking My API

I’m using a program I made that uses REST API to post articles automatically to my Wordpress site in the URL:
The program runs a few times and then I get the error:

'Connection aborted.', ConnectionResetError(10054, 'An existing connection was forcibly closed by the remote host'

I can post without problems if I turn off Cloudflare.

I have tried:
Added firewall rule to allow my IP + requests from my IP
Added page rules to: wp-json/wp/v2/posts to turn almost everything off including security.
Added Security to “Basically Off”

And it still gives me that error.

Yet if I turn Cloudflare OFF and start sending the API towards the non HTTPS URL it works.

With Cloudflare OFF, do requests to your HTTPS URL work? Or is it just non-HTTPS that works?

It works with HTTPS but after posting about 20 posts it starts returning the error above (basically CLOUDFLARE thinks I’m a bot doing a DDOS attack or something?).

And I don’t have SSL certificate without Cloudflare hence the HTTP only

I also have contacted my hosting to make sure it wasn’t the host that was blocking it and they replied that no attacks or IPs or connections have been blocked so it has to be cloudflare

I would say the server side (not Cloudflare) closed these connections. Have you followed the instructions here? Restoring original visitor IPs – Cloudflare Help Center

1 Like

Nope, but why do I need to do that specifically? Don’t think that’ll help.

And I contacted the host and they said nothing was in their logs regarding stopping any requests/posts or any DDOS attacks or anything of the sort

Just curious. The message clearly say the connection was closed by the remote host (this is your server) and wondered if the fact all inbound connections will show the Cloudflare IP address (since it’s a reverse proxy), perhaps your hosting provider is doing something to block these (because you mention there is a threshold when the connections start dropping).

So perhaps not on your server but it could be your provider has a rate-limiting rule on their firewall or somewhere.

1 Like

I turned off cloudflare for the past 2 hours and started uploading to HTTP instead of HTTPS since I don’t have SSL without Cloudflare.

Been uploading posts for the 2 whole hours without any errors while Cloudflare popsup an error within 20 minutes maximum.

It’s 100% cloudflare

I still have doubts. Cloudflare is a reverse proxy. Requests go through Cloudflare first, then your hosting provider (which may have a firewall and other devices to prevent attacks) and then to your server.

By default all requests will go through using Cloudflare’s own IP addresses instead of the original IP request. This means either your hosting provider or your server will suddenly see a much larger number of requests coming from a small number of IP addresses. The list of valid addresses is here: IP Ranges | Cloudflare

You have to ask your provider if they have any rate limit at the firewall or other part of their network. If they say this doesn’t exist then you have to check your platform (CMS, Wordpress) to make sure you don’t have a rate limit feature blocking these requests. I am sure you will find a security add-on where you can allow those Cloudflare IP addresses.

Your platform can always see the original IP by looking at the HTTP header CF-Connecting-IP.

I contacted the hosting again and they said they are not rate-limiting anything related to any of my sites and haven’t blocked any IPs or requests.

I’ve been running my API for over 8 hours non-stop now towards the HTTP version of the site AFTER turning off Cloudflare.

I wanna try to do what u mentioned above about the IPs but it seems rather hard to do or at least I’m not really understanding how to do it. Just to see if that fixes the issue.

EDIT: I didn’t notice I just had to insert the code on the page I wanted. So If I insert the code into the link I use the request/post to it should count my IP for each request and not cloudflares thus not block it?

Why aren’t you testing it against HTTPS?

1 Like

THE OP doesn’t have HTTPS on their origin at the moment.

Yea I don’t have HTTPS without Cloudflare.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.