CloudFlare Reject Websockets

Hi! My Internet Office doesn’t allows website Outside Region, only Internal addresses and a handfull of whitelisted address. I have a personal VPS to Backup My Work at the Office but recently, it Fails to connect. My VPS has Websocket installment to send-receive data without constraint. When sending a request to My VPS, I can only get 200 OK status instead of receiving 101 Switching Protocol. Is this related to My Cloudflare configuration?

Here’s a simple demonstration:

import socket
import ssl

whitelistist = 'cpanel.karakterhebatindonesia.com'
backvps = 'do.famstore.my.id'

soc = socket.socket()
cont = ssl.create_default_context()
soc = cont.wrap_socket(soc, server_hostname = whitelistist)
soc.connect((f'{whitelistist}', 443))
soc.sendall(bytes(f'GET wss://{whitelistist} HTTP/1.1\r\nHost: {backvps}\r\nConnection: Upgrade\r\nUpgrade: websocket\r\n\r\n', encoding='utf-8'))
res = str(soc.recv(1024))

#Response: HTTP/1.1 200 OK

As long as you have Websockets turned on in the Cloudflare dashboard (which you most certainly do if it previously worked), everything should “just work”.

Can you confirm the request is actually hitting your server? It could be that your server isn’t even being hit by the request and something else is returning 200.

Hi! Thank You for Responding, this is actually the Issue. The request doesn’t reach My Server at All, so I can only test from Client-side. It only works if I reach the Server directly and without using Internet from our Office

I’m using a demonstration to make it short:

import socket
import ssl

allowance = 'cpanel.karakterhebatindonesia.com'
hostingy = 'do.famstore.my.id'

soc = socket.socket()
cont = ssl.create_default_context()
soc = cont.wrap_socket(soc, server_hostname = hostingy)
soc.connect((f'{allowance}', 443))
soc.sendall(bytes(f'GET wss://{hostingy} HTTP/1.1\r\nHost: {hostingy}\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-Websocket-Version: 13\r\n\r\n', encoding='utf-8'))
res = str(soc.recv(1024))

#Response: HTTP/1.1 101

EDIT:
To Clarify: Using Initial demonstration still Fails on Mobile Data. It returns 200 OK from what expected to be 101.

is there any solution regarding this issue, i also hit same issue., is there anything wrong with Cloudflare?

Hi! Still waiting for confirmation from Cloudflare part. I had to back and forth switching my Connection between Mobile Data and Internet Office. I can confirm that this also happens for any Cloudflare Websites. For example: Using another Local Website (Ruangguru) that’s been Whitelisted, still returns 200 Codes

import socket
import ssl

whitelistist = 'layanan.ruangguru.com'
backvps = 'do.famstore.my.id'

soc = socket.socket()
cont = ssl.create_default_context()
soc = cont.wrap_socket(soc, server_hostname = whitelistist)
soc.connect((f'{whitelistist}', 443))
soc.sendall(bytes(f'GET wss://{whitelistist} HTTP/1.1\r\nHost: {backvps}\r\nConnection: Upgrade\r\nUpgrade: websocket\r\n\r\n', encoding='utf-8'))
res = str(soc.recv(1024))

#Response: HTTP/1.1 200 OK

It seems that Cloudflare has trouble with Websockets and the Upgrade: websocket header are left Ignored with 200 OK instead of 101.

why there is no solution reply yet, is there isnt anyone out there having this issue or what? this issue happened to me also

Hi @jonidevelopmentmail, It looks like Cloudflare no longer supports SSL Proxy. That’s maybe the reason why we’re no longer able to Connect via port 443 as mentioned in:

soc.connect((f'{whitelistist}', 443))

It seems that Cloudflare are strictly distribute their Reverse Proxy on port 80. You can verify it using: Proxy checker: verify the functionality, anonymity, and speed of proxy servers. Online, export ip-port — hidemy.name and compare both 80 and 443 port for Cloudflare Distribution IP. First, convert any Website address behind Cloudflare into IPv4 and then check it on Proxy Checker. Here’s my findings:

image855×167 7.57 KB

As you can see, Cloudflare IP on port 443 is failing. Probably @mcfadyeni would able to clarify some other part of this issue.

thanks man, finally some answer after so long

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.