Cloudflare Challenge on all the sites I visit

cloonan · May 12, 2022, 7:24pm

One of the errors you shared shows an issue with speed and you indicated with a faster connection the error went away.

Thank you for all the details, they are helpful. I am going to phone a friend to get some @MVP eyes on your feedback. Can you share images of the errors in the browser you are using? The dev console is helpful, but seeing the error is a browser is also helpful as we can attempt to reproduce those. Errors with 3rd party apps and devices are difficult to troubleshoot, but even images of those errors in the apps would be helpful.

Only you can confirm that, can you scan all the devices for malware?

I agree, I do not think this is related to IP, it may be related to one of the other dozen or so selectors a site owner can use to block traffic. But, as I commented, I do not think that every site owner implemented rules that end up blocking you overnight. That seems more like an effect of malware, not WAF rules.

A 403 error with Cloudflare shown in the error is always returned directly from the origin web server, not Cloudflare, and is generally related to permission rules on the origin server. The top reasons for this error are:

Permission rules the site owners have set or an error in the .htaccess rules they have set
Mod_security rules.
IP Deny rules

If you are seeing the 403 on sites you visit, note that since Cloudflare can not access our customers servers, the site owners need to contact their hosting provider for assistance with resolving 403 errors and fixing rules. They should make sure that Cloudflare’s IPs aren’t being blocked. I do see the dash login was successful so it does not appear to have prevented login.

sdayman · May 13, 2022, 3:33am

ring.com doesn’t use Cloudflare, so that’s interesting you’re having a similar error there.

birger · May 13, 2022, 10:13am

Funny! I haven’t actually tested it in my browser. But yeah, no challenge when I go to their website. My bad, then this will be another issue. Just funny it happened at the same time.

VPN is not a faster connection, it just relays all through them. But once I have VPN activated everything works. Your dash is also presenting these issues. As I showed on the pictures. It works everytime I try login with VPN activated. But once I disconnect from VPN it breaks the page.

When I first did experience this, I tried to go to the different external source by looking through the web console and opening each resource in a new tab. After waiting through the challenge then more of the external resources loaded successfully. But some still fails due to some policy. But why would it not get same error with VPN as without?
Dash not working was preventing me to login. But by connecting through VPN, I was able to login with no error. Don’t want to have a VPN running all the time on all devices unless it’s the only way. But I know it would be much better if I could get some answers regarding why I’m flagged. And take action accordingly.

000000.883|   OKAY| Requesting config from /api/v1/config/public?region=NA&os=windows&app=Riot%20Client&version=48.0.0.4342439&patchline=KeystoneFoundationLiveWin&namespace=keystone.self_update
000000.994|   WARN| HttpEventSender: Error sending 1 events to data. riotgames. com/collector/v2/events: 0 (HTTP response code 403, retry count 0) - 
000001.147|  ERROR| CheckForSelfUpdate failed.: Self update query config failed.: Request of URL "/api/v1/config/public?region=NA&os=windows&app=Riot%20Client&version=48.0.0.4342439&patchline=KeystoneFoundationLiveWin&namespace=keystone.self_update" failed with code:0, error:""

Log from Riot Client application, only happen when I use my home network. But using VPN connection or mobile data it does not fail. Opening this url in a web browser presents me with the Cloudflare verification before showing me the page content.

Only I can confirm, and all the devices I have tested report healthy and no malware or virus found. No way to test the IoT stuff, but I do assume they are healthy.

M4rt1n · May 13, 2022, 10:27am

They do as far as I am concerned.
The main domain itself does not, but the subdomains they redirect to do:
ring.com:

de-de.ring.com:

So may he is facing this issue on a subdomain he automatically got redirected to.

jnperamo · May 13, 2022, 12:32pm

Can you show us the certificates that the browser reports while you run into issues with the dashboard?

sdayman · May 13, 2022, 12:34pm

Good point. That’s an interesting twist: Amazon using Cloudflare.

As it’s the mobile app and IoT device, it’s extremely likely that it’s using a subdomain also proxied by Cloudflare.

sandro · May 13, 2022, 12:40pm

Do you think Jeff got rich by wasting traffic?

birger · May 13, 2022, 1:22pm

Will this do?

jnperamo · May 13, 2022, 2:00pm

Yup, that works. I thought that maybe the connection was being intercepted, but the certificate seems to be okay.

Does the error occur on incognito as well?

cloonan · May 13, 2022, 6:54pm

3 posts were split to a new topic: Some issue with my network

birger · May 13, 2022, 3:18pm

Same behaviour in incognito and also on other computers. Which indicates not a broken setup on browser. Unless all browsers have the same error with, but fixed when I use vpn

I only have a workaround. VPN. Have you checked the work IP on projecthoneypot, spamhaus or talosintelligence?

soldier_21 · May 14, 2022, 5:00am

You have a lot of exposed services running on your home IP address, including an old Apache server and phpMyAdmin

That could be why. But I still think you should make a ticket; send an email to support @ cloudflare.com with all the details you’ve described, even link this thread in the ticket, and reply here with the ticket number

birger · May 14, 2022, 5:42am

Yeah. I have got a tips about my reverse proxy box. Did turn it off yesterday. Doing some checks on it as I types. Didn’t find anything when I just had a quick look at it earlier.

I’ve already attempted to make a ticket when this first happened. But got rejected since I dont as a non enterprise customer dont have access to such nice things.

I can make a new request if that is better.

#2436662

soldier_21 · May 14, 2022, 6:02am

I’ve escalated the ticket for you, but it’s the weekend now

Could you also please send an example of a resource on dash.cloudflare.com that 403’s for you? With the cf-ray header, you can find it in the chrome network tab

Make sure you click the “Preserve log” checkbox to show requests that happened before form submission

It should look like this:

Just make sure you only share the cf-ray, and nothing else as requests to dash.cloudflare.com will probably contain sensitive information

birger · May 14, 2022, 6:10am

Thanks! And yeah, weekend doesn’t make a difference for mye experienced issues but don’t expect much to happen over a weekend support-wise.

I will make a comment on the case for it. Or did you want it here?

soldier_21 · May 14, 2022, 6:11am

Both

birger · May 16, 2022, 6:56am

This is the cf-ray header from dash page

birger · May 16, 2022, 7:05am

Tried to send email with the same picture.
But it then got classified as SPAM.

Remote Server returned ‘554 5.0.0 < #5.0.0 smtp; Your email to group support – cloudflare.com was rejected due to spam classification. The owner of the group can choose to enable message moderation instead of bouncing these emails. More information can be found here: https://support.google.com/a/answer/168383.>’

This is when sending from my email account. The email is not sending from my IP address, it is going from Microsoft Office365 Outlook service.

matteo · May 16, 2022, 9:58am

Support should have created a ticket for you to discuss this. From what they told me they asked for some more details

Ticket number #2450781.

system · May 31, 2022, 3:00pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.