In case if you cannot remember in which interface under the Cloudflare Dashboard have you enabled such feature for your Website, I’d suggest to cross-check multiple settings and disable it following the instructions from the article below:
Check the main Dashboard
Check Custom Rules under Security menu → WAF tab
Check Security Level under Security menu → WAF tab
Thank you fritex for your answer. However I have not switched “On” the “I’m Under Attack” mode. It’s about the security level which is always on now and I can not lower this by myself so that the domain can run with Cloudflare without having “forbidden” when someone tried to access the page.
I have submitted a ticket (#01438236) regarding automated mitigation and “Always Protected” security level on multiple domains (developmentscout.com, florida-scout.com, presseservicebuero.de). Legitimate users are receiving 403 Forbidden errors, and we urgently need to regain manual control.
The DDoS attack has stopped, but the system still enforces automatic protection.
if you have received an email related to your zone having potentially abusive behaviour, please reply to the email that you’ve received from Cloudflare team.
Otherwise, please reach out directly to [email protected].
This issue has to be checked and solved by the Trust&Safety team.
Thank you for patience.
Please, do acknowledge below if it’s related to your case as well:
You should be able to see the challenged or blocked event under the Security tab → Events at Cloudflare dashboard for your zone and know exactly which security option was triggered.
Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …). If yes, could you share some details which service was triggered that blocked you?
