Cloudflare captcha pages when IPv6 is enabled

A couple of months ago I suddenly started getting Cloudflare captcha pages when visiting websites using IPv6, which kept happening with more and more websites as time passed by.

One website I regularly visit didn’t even show a captcha, just an access denied error with error code 1020 and a Cloudflare Ray ID with no way to get passed that.

After disabling IPv6 I stopped getting captcha pages immediately.

So I contacted Cloudflare support, they indicated that there have been multiple “security events” related to my IP-address(es), but they keep refusing to tell me what events exactly and that I would have to contact each website owner who is serving me captcha pages individually to get this solved.

Aren’t there any other ways of figuring out why this is happening?

Maybe related, although I doubt it: some geo-IP database has my /64 from Hurricane Electric (who offers IPv6-tunnels) registered in Germany, I’m not German and the tunnel-server I’m using isn’t in that country either… This particular problem causes Facebook to be a pain in the butt, it started translating part of my news feed into German and I’m getting Germany related notifications and suggestions.
I haven’t been able to find the culprit for that and since Facebook doesn’t have techsupport that’s willing to reply, I don’t know how to solve that one, without disabling IPv6.

Hi @MarionRavenFan, I’m sorry for the issue you’re facing. That 1020 error is presented by the site owner. In looking into the details around the issue your’re hitting, it seems the IPv6 address you’re assigned is triggering the challenge, not IPv6 in general, just that address.

Quick Fix idea 8, 9 and 13 in this tip may be helpful,Community Tip - Best Practices For Captcha Challenges.

2 Likes

Not just one address, IPv6 addresses, plurals, on multiple computers. I’ve got privacy extensions enabled, which means the address changes from time to time. I’m not sure, but could it be my entire assigned /64 is marked to require the captcha page? And in one case without captcha, so no way to get access adafruit.com through IPv6. (A website I visit regularly.)

Quick Fix idea 8: See above, privacy extensions already does that and it happens on multiple computers with different addresses.

Quick Fix idea 9: I could delete my IPv6 tunnel and hope a new one gets a different /64, but that’s a temporary solution as long as no one is willing to tell me why this is happening. So this could start all over again and then there will be another /64 marked to get captcha pages.

Quick Fix idea 13: “Handles passes containing cryptographically blinded tokens for bypassing challenge pages.”
Not every website, Adafruit.com for example, shows a challenge page, just “Access denied” and a Ray ID.

Is there anyone who can use Ray ID’s to look into this? 4f7d8b0cd924d8c5, 4f7d912dde60d901, 4d094f50592abf8c to name some. I am still looking for someone willing to tell me what exactly caused this in the first place.

Understood. The experience will vary depending upon if the owner of the site wants to challenge suspect IPs or block suspect IPs. Either way, only the site owner can say for certain if they’re blocking traffic from x and y countries or challenging traffic from this or that IP.

To your other question, no that is not something that can be determined by visitors.

“To your other question, no that is not something that can be determined by visitors.”

I tried solving this with the people behind support at cloudflare dot com first, but didn’t get any further than "There has been a number of security events relating to this IP address, which has caused you to hit bad reputation.”, after which the issue was marked as “solved”, which it’s definitely not…