Cloudflare Blocks < Java 10 User Agents by default

This means Java 8 & Java 7 requests blocked by default.
Java 8 is commonly used for Android Development.
These versions of Java by default sends a user agent like this Java/1.X.X_XX like Java/1.8.0_232 which is blocked by Cloudflare Security by default. I dunno why they do it but it might create unnecessary problems and confusion for people using Java for development.

From my test I have seen that any User Agent starting with Java/1. is blocked.

I dunno why this behaviour. Even Disabling Security from Page Rules doesn’t solve this.
I tried Firewall Rules also. Even if Firewall Rules allow the requests and it appears to be allowed in Security Dashboard logs it is still blocked (?) Maybe because I was using Cloudflare Pages.
By Header Modification does solves this. (Needed hours to figure this out)

~ $ curl -A "Java/1.8.0_232" -X GET https://www.cloudflare.com
error code: 1010
~ $ curl -A "Java/1." -X GET https://www.cloudflare.com
error code: 1010

May I ask you to check which service did blocked the request? :thinking:
Was it Bot Fight Mode or some Firewall Rule like WAF if using Pro plan, etc.?

Do those requests come from a origin host/server which is yours and should be executed normally? If so, you could try to add the IP to the Security → Tools → IP Access Rules with the action “allow” for your website.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.