CPanel file access blocked by CloudFlare Managed Firewall Rules

Hello,
I have been using Cloudflare for years and have started facing this issue since the past 3-4 months.
I have my webserver behind Cloudflare’s dns proxy with full ssl.

A few months ago I was faced with the issue of not being able to access the files from the file manager under CPanel. I can view and traverse directories, but as soon as I try to view or edit a file Cloudflare blocks my IP address. My website works fine, the admin dashboards work fine, but only file access under CPanel’s file manager are being blocked by Cloudflare.

The first time this incident occured, it took me some time to figure out that it was coming from the WAF option in Cloudflare which I had never really setup manually and seemed to be a new offering. Taking a look at the activity log, I added the specific ruleset to the firewall to “Allow” my IP address. It was working fine.
Since yesterday, it has been acting up again. It keeps opening up the window " Sorry, you have been blocked" every time I try to open file for viewing r editing in Cpanel.
Verifying the setting for Cloudflare WAF, the ruleset is still the same to allow my IP, yet it keeps blocking me every time. So, I tried changing to bypass all rules still no avail.

It is a managed rule by Cloudflare so i don’t see any other option to do anything from my end. “Allow”, “Bypass” don’t work.

What is the possible way to rectify this?

Greetings,

Thank you for asking.

I am sorry to hear you are experiencing an issue.

I can remember this come up few times, the solution to this could be found using a search button :search: .

You could go into DNS settings and turn off proxies for cPanel hostname - it should be on :grey: (DNS only). Do what’s needed and then switch to proxy :orange:.

From my experience, cPanel / File Manager sometimes triggers some WAF rules and you would have issue when you try to upload or download larger stuff.
The cPanel related DNS records (hostnames) should be unproxied :grey: (DNS-only).
Or even better, remove them from DNS tab of Cloudflare dashboard for your website and ask your web hosting provider to provide you their URL through which you can login & access the cPanel for your domain without exposing the cpanel.mydomain.com or the IP (unproxied), etc.

For better security approach, I’d suggest you to remove the cPanel hostname and use the hosting provider’s URL address to access the cPanel for your website. Therefore, connect via the server IP to the FTP, download the needed file, edit it, re-upload & replace existing one and done :wink:

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.