Cloudflare Blocking Wordfence Scans

Cloudflare is blocking Wordfence scans. I have already tried all the options mentioned here and on Wordfence by allowing the IPs needed by Wordfence, telling Cloudflare that the site can communicate with itself. The blocks are not showing up in the CF firewall logs, but I am getting other logs, so I know it’s working.

I have my WordFence options as: Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.

I have tried disabling bot mode.

I have tried disabling bot mode and clearing the entire CF cache.

/// We’re sorry, you are not allowed to proceed
Your request looks suspiciously similar to automated requests from spam posting software or it has been denied by a security policy configured by the website administrator.
If you believe you should be able to perform this request, please let us know ///

I am out of ideas on this or how to clear this error.

The error in the diags is below:

HTTP/1.1 403 Forbidden
Date: Fri, 03 Sep 2021 15:03:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
set-cookie: ojbczvwVKXqy=xHmPUWT; expires=Sat, 04-Sep-2021 15:03:41 GMT; Max-Age=86400; path=/; secure
set-cookie: MkZtaTSKwJ=7g1fope%40Kvnk2H; expires=Sat, 04-Sep-2021 15:03:41 GMT; Max-Age=86400; path=/; secure
set-cookie: -iTpdqbfOsKCFVU=DZ5v%40ROE; expires=Sat, 04-Sep-2021 15:03:41 GMT; Max-Age=86400; path=/; secure
set-cookie: bJoxpLEPe=WTuSah4npdiOf; expires=Sat, 04-Sep-2021 15:03:41 GMT; Max-Age=86400; path=/; secure
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=OMUBy7c6Z1P1sQoZou59jcv2XGZYcFoAKaUwJqB3u3hs8BKvsnEtkh9X2i%2FrpkWNl9oyaDf2MWBBl4Zm0eVmmaDoX0abFleQQmkYTiMT5TJK%2B0BnOqVTNBSTVWgf8FLbZdNWUg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 688fddc4fc450bef-DFW
Content-Encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

<!DOCTYPE html>
<html style="height: 100%;">
<head>
    <meta charset="UTF-8">
    <title>403 Access Forbidden</title>
    <style>
        @media screen and (max-width: 800px) {
            body > div > div > div div {
                display: block !important;
                padding-right: 0 !important;
            }

            body {
                text-align: center !important;
            }
        }
    </style>
</head>
<body style="height: 90%;">
<div style="display: flex; align-items: center; justify-content: center; height: 90%;">
    <div style="background-color: #eee; width: 70%; border: solid 3px #ddd; padding: 1.5em 3em 3em 3em; font-family: Arial, Helvetica, sans-serif;">
        <div style="display: table-row;">
            <div style="display: table-cell; font-size: 150px; color: red; vertical-align: top; padding-right: 50px;">
                ✋
            </div>
            <div style="display: table-cell; vertical-align: top;">
                <h1 style="margin-top: 0;">We're sorry, you are not allowed to proceed</h1>
                <p>Your request looks suspiciously similar to automated requests from spam posting software or it has been denied by a security policy configured by the website administrator.</p>
                <p>If you believe you should be able to perform this request, please let us know.</p>

                <p style="margin-top: 2em;">

RID: 2KFGYZN7PDBIW8OAVZMJ16XH







403 Forbidden ( RFC7231 )

If you’re seeing a 403 error without Cloudflare branding, this is always returned directly from the origin web server, not Cloudflare, and is generally related to permission rules on your server. The top reasons for this error are:

  1. Permission rules you have set or an error in the .htaccess rules you have set
  2. Mod_security rules
  3. IP Deny rules

Since Cloudflare can not access your server directly, please contact your hosting provider for assistance with resolving 403 errors and fixing rules. You should make sure that Cloudflare’s IPs aren’t being blocked.

Cloudflare will serve 403 responses if the request violated either a default WAF rule enabled for all orange-clouded Cloudflare domains or a WAF rule enabled for that particular zone. Read more at What does the Web Application Firewall do? Cloudflare will also serve a 403 Forbidden response for SSL connections to sub/domains that aren’t covered by any Cloudflare or uploaded SSL certificate.

If you’re seeing a 403 response that contains Cloudflare branding in the response body, this is the HTTP response code returned along with many of our security features:

  • Web Application Firewall challenge and block pages
  • Basic Protection level challenges
  • Most 1xxx Cloudflare error codes
  • The Browser Integrity Check
  • If you’re attempting to access a second level of subdomains (e.g. *.*.example.com) through Cloudflare using the Cloudflare-issued certificate, an HTTP 403 error will be seen in the browser as these host names are not present on the certificate.

If you have questions contact Cloudflare Support and include a screenshot of the message you see or copy all the text on the page into a support ticket.

I may be wrong, but that doesn’t sound like Cloudflare wording. Can you post a screenshot of that?

1 Like

It doesn’t provide me a screenshot; it’s from the backend diags inside WordFence. As mentioned above by AppleSlayer, I will check those as well. I own the server, Apache configs, etc. It’s my own VPS, so my hosting provider is “me” for all intents and purposes; my hosting provider’s only part is providing the VPS on a VMware server, IP space and a few small firewall rules that lock down ports.

Based on the partial HTML you posted, it sure doesn’t look like Cloudflare.

2 Likes

It’s an alert from the WP Cerber Security WordPress plugin. A similar screenshot with the same wording and some more information can be found on this page:

Are you using WP Cerber Security as well? Maybe, try deactivating the Security plugins, even the custom login ones.

2 Likes

Yes, I am also using WPCERBER. I disabled it and was able to scan. Thanks.

1 Like

I found that by adding this path to the whitelist in WPCerber it also fixes the issue.
/wp-admin/admin-ajax.php?action=wordfence_testAjax

So hopefully someone else can use this information if they run into the issue.

1 Like
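
Added example, not part of any post in this thread: a small triage helper that decides who generated a captured 403 by looking at the body rather than at the `Server: cloudflare` / `CF-RAY` headers, which appear on every proxied response, including the WP Cerber block quoted above. The function name, the marker table and the sample responses are constructed for illustration; the WP Cerber phrase is the one quoted in the thread, and the "Cloudflare branding" test is a plain substring heuristic.

```python
import re

# Body phrases quoted in this thread; add more for other security plugins.
ORIGIN_MARKERS = {
    "WP Cerber block page": re.compile(r"you are not allowed to proceed", re.I),
}

def classify_403(raw: str) -> str:
    """Say who most likely generated a 403 captured as raw headers + body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or status[1] != "403":
        return "not a 403"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    # These headers only prove the response travelled through Cloudflare.
    proxied = headers.get("server", "").lower() == "cloudflare" or "cf-ray" in headers
    for label, pattern in ORIGIN_MARKERS.items():
        if pattern.search(body):
            via = " (passed through Cloudflare)" if proxied else ""
            return f"origin: {label}{via}"
    if "cloudflare" in body.lower():  # heuristic for a Cloudflare-branded body
        return "cloudflare edge: branded block or challenge page"
    if proxied:
        return "origin: unbranded 403 relayed by Cloudflare"
    return "origin: unbranded 403"

# Constructed samples; the first is abridged from the response quoted in the thread.
PLUGIN_403 = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Server: cloudflare\r\n"
    "CF-RAY: 688fddc4fc450bef-DFW\r\n"
    "\r\n"
    "<h1>We're sorry, you are not allowed to proceed</h1>\n"
    "RID: 2KFGYZN7PDBIW8OAVZMJ16XH"
)
EDGE_403 = (
    "HTTP/1.1 403 Forbidden\r\nServer: cloudflare\r\n\r\n"
    "<title>Access denied</title><p>Cloudflare Ray ID: (placeholder)</p>"
)
BARE_403 = "HTTP/1.1 403 Forbidden\r\nServer: Apache\r\n\r\n<h1>Forbidden</h1>"

if __name__ == "__main__":
    for sample in (PLUGIN_403, EDGE_403, BARE_403):
        print(classify_403(sample))
```

An "origin" verdict means the next place to look is the server itself (security plugins, mod_security, .htaccess), which also explains why nothing shows up in the Cloudflare firewall log.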
