Cloudflare seems to block traffic from Ecuador?

What is the name of the domain?

metal-archives.com

What is the issue you’re encountering

For about a month now, users from Ecuador have complained that they can’t reach my site. At first, I thought it was some temporary local routing issue, but after some investigation, it seems the problem is within Cloudflare, because if I disable proxying for my domain, then it works just fine. There are no instances of blocked requests from Ecuador in the security event log, though. What could be causing this?

What steps have you taken to resolve the issue?

I’ve tried disabling any security rules and settings that I could find, but nothing helps, other than turning off Cloudflare itself, which obviously I don’t want to do.

What feature, service or problem is this related to?

I don’t know

What are the steps to reproduce the issue?

You can use this site to simulate requests from around the world: Check response status of domain | Online http status checker If you select “South America” as the location, you’ll see that the request from Ecuador always times out.

Example: Check response status of domain | Online http status checker

The ISP that provides connectivity to Host-Tracker’s node appears to be blocking individual IP addresses, which will cause issues like this.

It happens consistently with the Ecuador, Quito node, operated by the partner OneProvider, apparently with connectivity from ““NEDETEL S.A.””.

On your test link, you received the IP address “172.67.146.200”, which was giving a timeout on that location.

Direct IP, towards “172.67.146.200
:x: Connection timed out.

Direct IP, towards “172.67.146.199
:white_check_mark: Connection succeeded, status code 403 Forbidden.

Direct IP, towards “1.1.1.1” / “1.0.0.1
:white_check_mark: Connection succeeded, status code 200 OK.

Direct IP, towards “104.21.16.2
:white_check_mark: Connection succeeded, status code 403 Forbidden.

Note: As direct IP access isn’t supposed to happen on most of these IP addresses, the 403 Forbidden errors are actually to be expected.

As two next to each other IP addresses are giving such different results, e.g. “172.67.146.200” and “172.67.146.199” above, … there is one possible cause to this problem:

If you’re looking to get it resolved, you will need to contact Host-Tracker’s Support, and ask them escalate it the problem towards their partner and/or ISP.

We seem to be experiencing the very same issue with pro.codely.com.

We have some user reports about not being able to access in some cases from Ecuador, and checking our Host Tracker results it seems to be the same problem faces by you @lord.samael:

Did you get to solve the issue?

Thanks!

I’ve just contacted Host Tracker, let’s see if they can help :grimacing:

Hi,

First, thanks for the insight, @DarkDeviL. That would explain why I don’t see anything on Cloudflare’s side. Pretty impractical that people would block Cloudflare IPs, though. That must affect a lot of sites.

@JavierCane, no resolution here yet. I’m trying to inquire to see if everyone affected is perhaps using the same ISP or something (I don’t know anything about Ecuadoran providers, hah), but no replies so far…

Hi @lord.samael, just in case it helps, a user reported to us that he cannot access from the following ISPs: Claro & Movistar. However, he can access using Netlife ISP.

He called Claro, and they informed him that the block was made recently, and the worst part is they claim other ISPs will also apply it :sweat_smile:

Other user has reported that he can not access the site, but it worked with a VPN, so the block can be confirmed.

More cases: Citycom also blocked Cloudflare IPs. If anyone knows how to deal with this kind of issue, any help would be much appreciated.

OK, I’ve had reports that all the following ISPs are now blocking the IP address in question: TvCable, Celerity/Punto Net, Netlife, CNT, Claro, Tuenti, Movistar.

What is going on? There’s a country-wide agreement to block Cloudflare or something? That must affect so many sites…?