First, for the total avoidance of doubt, I am aware that this error is coming from Nginx, which I am using on my server, but I am almost certain that this is a problem within Cloudflare because:
- My application did not throw these errors when I didn’t use Cloudflare, nothing else has changed.
- I am seeing no requests hit my server at all
- When I inspect the request, I am seeing a response from Cloudflare (401 Authentication Nginx, and a username/password pop up). I am not exactly clear what service but it looks like a response from a cache.
Unfortunately, it gets even weirder:
The error occurs randomly and stops randomly. It is not persistent. I have tried switching settings in Cloudflare, I have tried turning the cache off (switching to development mode), I have tried restarting my server multiple times…nothing.
The response from Cloudflare has a www-authenticate header with a basic realm that is different to my website. The realm is actually for a totally different website that I FTP into and which does use the auth pop up (I have no idea if they use Nginx)…I am slightly concerned about how this is occurring because, clearly, something has retained some state that it shouldn’t have access to. And, even more bizarrely, this appears to be the case with different browsers and using a private browser.
I am not even sure where to start here…the only thing that I have observed is it appears to only occur with requests that hit the Cloudflare cache and have response headers including:
www-authenticate: Basic realm=“ftp.server” (not the website that is running my server and whose domain is going in the address bar)