Cloudflare can’t (or specifically, won’t) overrule the security settings of a customer. You’ll need to reach out to the owners of the websites and services that you’re having issues with & ask them if they’re able to share any more information or amend their rules to not block your requests.
This is beyond customer settings. I get this challenge to all kinds of sites.
I get the same problem with some services.
My problems;
- riot games client
- bullguard api / for vpn and virus definitions
And also loging in to dash.cloudflare.com is failing. I had to connect a 4G modem to my computer in order to sign up and log in. This due to some external scripts not liking my home network.
After using 4g I have been able to use vpn and thus beeing able to use all Cloudflare customers services with no problems.
I guess my IP or ISP’s subnet is flagged somehow
1 Like
Customers have the option to present challenges to users with ‘threat score’ thresholds - that’s entirely up to the customer as to how aggressive they want to be with that.
Like I said though, Cloudflare won’t overrule a customers security settings. If a customer wants Cloudflare to present challenges to traffic to IPs, IP ranges, ASNs, User-Agents, bot score, threat score or a dozen other selectors then that is their choice & also something that only the customer can change.
The only interaction Cloudflare has with ‘whitelisting’ or amending the reputation of an IP/ASN is the ‘friendly’ and ‘known’ bots lists - which you would not qualify for since you’re not a bot.
1 Like
Still having this issue. It seems to be universal for all pages I visit that uses Cloudflare services.
Been walking through my ISP for troubleshooting, without having a solution. They have no reports on my IP address beeing flagged as abuse/botnet or anything similar to that.
No one knows how to help me out. I would really like to have a email or chat session at someone at Cloudflare to not have this as an open conversation as this is most likely not a common issue, but something particular regarding my IP address.
1 Like
Based on the screen shots you shared, the dash error was connection speed and not related to the problem of being blocked from sites using Cloudflare. Curious, were you able to successfully log in? I do not see the login on your account, but with a faster connection you indicated you were able to sign up and log in.
WRT to sites using Cloudflare and the issues you are facing, I have few questions to see if we can help a bit more:
- What browser are you using, have you tried a different browser?
- What is the exact error you are seeing? Is it just the challenges that you are facing and you are either not able to pass those / unable to complete those because you’re using an app client and not a browser?
- Are you running any ad or popup blockers? Can you disable them and see if you still face the issue?
- Can you share the name of some of the domains where you are presented the challenge?
There are a lot of resources here to assist, I’d start with this #CommunityTip to address the basic issue of challenges
A lot of the suggestions in the tip are around IP, but as @KianNH mentioned above, there can be a number of reasons:
As this seems to have happened overnight and affects all sites, it is unlikely that multiple site owners implemented the exact same rules overnight, I’d start with item 4 in the tip, You have a computer/IoT device that is infected with malware or some kind of virus. Scan for malware to ensure your devices are not infected
If your IP was blocked, this may be helpful, Cloudflare IP Address Blocked. Can you share a screen shot of any error messages you receive? If ‘Sorry, you have been blocked`, this may be helpful, Sorry, you have been blocked.
1 Like
I can assure you this has nothing to do with internet speed. Screenshot when using VPN
dash_cloudflare-vpn-ON.png
When disconnected from the VPN
dash_cloudflare-vpn-OFF-1.png
dash_cloudflare-vpn-OFF-2.png
Everything else is a match. It also works when I use my mobile as a Hotspot. Same browser (Microsoft Edge) but same result in Chrome.
Microsoft Edge and Chrome. 4 different computers on the network.
Most common errors I get is ERR_FAILED 403 indicating access denied due to some policy. See developer console log from browser when trying to reach dash .Cloudflare .com
Tried with and without. My main browser, Edge, does not have an Adblock extension enabled.
itavisen .no - has some cross domain (CDN) resources which fails to load
riotgames .com - application: can not log into using their client application
ring .com - mobile app and IoT device can not get online.
bullguard .com - application: can not log in to their antivirus, cant get updates
fitbit .com - mobile app: can not login or sync my wristband
My IP is not blocked or listed in any of the black lists I can find. My IP gets reported as Neutral (Email) and Unknown (Web). I have also run a full scan on the most active computers, without finding anything in particular regarding this.
But on some sites (fitbit and linustechtips) I have been receiving the following with nothing happening.
fitbit_com-not-loading.png
I have even tried to add my IP to the projecthoneypot’s white list, but has no affect.
projecthoneypot_ip-whitelist.png
I have been talking to ISP regarding IP address, and they tell me it is not possible as I’m currently residing in what they call a link network since I have a fixed public IP address. And getting a new IP address doesn’t necessarily a definite answer if this could happen again. Do I have a infected or malware device on my network. Then it would be great to get a confirmation before I tear everything down.
All images refered to can be found here
Limitation to 1 picture per post, so instead of having multiple posts.
One of the errors you shared shows an issue with speed and you indicated with a faster connection the error went away.
Thank you for all the details, they are helpful. I am going to phone a friend to get some @MVP eyes on your feedback. Can you share images of the errors in the browser you are using? The dev console is helpful, but seeing the error is a browser is also helpful as we can attempt to reproduce those. Errors with 3rd party apps and devices are difficult to troubleshoot, but even images of those errors in the apps would be helpful.
Only you can confirm that, can you scan all the devices for malware?
I agree, I do not think this is related to IP, it may be related to one of the other dozen or so selectors a site owner can use to block traffic. But, as I commented, I do not think that every site owner implemented rules that end up blocking you overnight. That seems more like an effect of malware, not WAF rules.
A 403 error with Cloudflare shown in the error is always returned directly from the origin web server, not Cloudflare, and is generally related to permission rules on the origin server. The top reasons for this error are:
- Permission rules the site owners have set or an error in the .htaccess rules they have set
- Mod_security rules.
- IP Deny rules
If you are seeing the 403 on sites you visit, note that since Cloudflare can not access our customers servers, the site owners need to contact their hosting provider for assistance with resolving 403 errors and fixing rules. They should make sure that Cloudflare’s IPs aren’t being blocked. I do see the dash login was successful so it does not appear to have prevented login.
ring.com doesn’t use Cloudflare, so that’s interesting you’re having a similar error there.
2 Likes
Funny! I haven’t actually tested it in my browser. But yeah, no challenge when I go to their website. My bad, then this will be another issue. Just funny it happened at the same time.
VPN is not a faster connection, it just relays all through them. But once I have VPN activated everything works. Your dash is also presenting these issues. As I showed on the pictures. It works everytime I try login with VPN activated. But once I disconnect from VPN it breaks the page.
When I first did experience this, I tried to go to the different external source by looking through the web console and opening each resource in a new tab. After waiting through the challenge then more of the external resources loaded successfully. But some still fails due to some policy. But why would it not get same error with VPN as without?
Dash not working was preventing me to login. But by connecting through VPN, I was able to login with no error. Don’t want to have a VPN running all the time on all devices unless it’s the only way. But I know it would be much better if I could get some answers regarding why I’m flagged. And take action accordingly.
000000.883| OKAY| Requesting config from /api/v1/config/public?region=NA&os=windows&app=Riot%20Client&version=48.0.0.4342439&patchline=KeystoneFoundationLiveWin&namespace=keystone.self_update
000000.994| WARN| HttpEventSender: Error sending 1 events to data. riotgames. com/collector/v2/events: 0 (HTTP response code 403, retry count 0) -
000001.147| ERROR| CheckForSelfUpdate failed.: Self update query config failed.: Request of URL "/api/v1/config/public?region=NA&os=windows&app=Riot%20Client&version=48.0.0.4342439&patchline=KeystoneFoundationLiveWin&namespace=keystone.self_update" failed with code:0, error:""
Log from Riot Client application, only happen when I use my home network. But using VPN connection or mobile data it does not fail. Opening this url in a web browser presents me with the Cloudflare verification before showing me the page content.
Only I can confirm, and all the devices I have tested report healthy and no malware or virus found. No way to test the IoT stuff, but I do assume they are healthy.
They do as far as I am concerned.
The main domain itself does not, but the subdomains they redirect to do:
ring.com:
de-de.ring.com:
So may he is facing this issue on a subdomain he automatically got redirected to.
4 Likes
Can you show us the certificates that the browser reports while you run into issues with the dashboard?
1 Like
Good point. That’s an interesting twist: Amazon using Cloudflare.
As it’s the mobile app and IoT device, it’s extremely likely that it’s using a subdomain also proxied by Cloudflare.
1 Like
Do you think Jeff got rich by wasting traffic?
1 Like
Yup, that works. I thought that maybe the connection was being intercepted, but the certificate seems to be okay.
Does the error occur on incognito as well?
Same behaviour in incognito and also on other computers. Which indicates not a broken setup on browser. Unless all browsers have the same error with, but fixed when I use vpn 
I only have a workaround. VPN. Have you checked the work IP on projecthoneypot, spamhaus or talosintelligence?
You have a lot of exposed services running on your home IP address, including an old Apache server and phpMyAdmin
That could be why. But I still think you should make a ticket; send an email to support @ cloudflare.com with all the details you’ve described, even link this thread in the ticket, and reply here with the ticket number
Yeah. I have got a tips about my reverse proxy box. Did turn it off yesterday. Doing some checks on it as I types. Didn’t find anything when I just had a quick look at it earlier.
I’ve already attempted to make a ticket when this first happened. But got rejected since I dont as a non enterprise customer dont have access to such nice things. 
I can make a new request if that is better.
#2436662