Everyday unable to access my site

Hi support,

Since the day Cloudflare API was sown, I keep getting this same error everyday.

Had to purge Cloudflare cache to be able to access. Recently its happening every morning. But some time back (close to the recovery day), the timings that this happened was very random.

I asked a friend of mine in another location (ip), to help check see if she can access when the site shows the spam ip error for me. She cannot as well. The same error shows for her.

So its definitely not my ip issue.

Please see screenshot taken from my mobile phone just 2 hours ago when my Freshping reported site is down :

Screenshot : https://snipboard.io/IGHrtB.jpg

Was there some settings issue that caused this issue?

Thank you.

Regards

Faustine

Hi @allstars-ft

This does not seem to be a Cloudflare issue. You might want to talk to your ISP about this.

You could also try and ask your hosting provider for a new IP (just remember to update it in your Cloudflare account as well).

1 Like

Thank you for your reply.

As mentioned even my friend from a different ip address also get the same spam / malicious ip message… when she visit the site when the error occurs.

Before the API went down, everything everyday was fine… It was after the Cloudflare outage that this happened frequently, recently everyday. And we are using the same IP so far though dynamic via our Singapore ISP – Starhub.

There’s no blockage of my ip at my webhost as well… (And also when I pause the Cloudflare for 3 days, the issue didn’t happen at all).

Could you please check again? Thanks.

Also, its when I clear Cloudflare’s cache (Purge Cache) then the Error message does not show up and the site loads properly.

@louise2 I did not add the Hosting ip into the WAF for “ALLOW” / “SKIP” (Either Via Tools – IP address “ALLOW” or Custom Rules “SKIP”). Do I have to? (Does Cloudflare actually block Webhosting (site)'s IP?)

At present, I have my ISP Starhub’s ip configured at Custom Rules, and my Boss’s Office IP at Tools.

Anyway I have just sort of change my Wordfence to Learning mode and disabled Realtime block… see if tomorrow morning , will the same thing happened again …

Thank you.

Fyi, its happening again. (3+am now) … went to allstars.com.sg to check my site… the error shows (have to clear Cloudflare Cache to solve it temporarily)

But according to my Freshping monitoring, 9+pm… It started already…

Have set to Development mode to bypass temporarily… See it would happen again ?

I am very sure its not my ip being blocked…

Development mode did not solve… I will Pause Cloudflare now

As of 6+am, error appeared. Purging cache solved the issue again temporarily.

@louise2 Having paused Cloudflare for a day, so far – the site is loading — no issues.
I’m going to Enable Cloudflare back and have set the server IP in WAF – under Tools – IP Access rules.

Hope this will help with the situation…

Will update again tomorrow…

Thanks.


I have tried to add Server IP in with Cloudflare enabled, but the same error appeared and Freshping reported the site down.

Had to clear Cloudflare cache yet again… (Time I posted this update here is 8.59pm, minutes after I purged the cache…)

Your web host is very likely rate limiting Cloudflare’s edge locations, tell them to not do that

3 Likes

Have alerted my webhost on this … And they said there’s no rate limiting.

Just an hour and 4minutes ago, it happened again.

But this time I noticed …I can get to the wp-admin and log in, but the site home page loaded with the error (tested in incognito mode for the home page).


The error you see is coming from your host.

You say that clearing cache solves your problem, so I assume that the “Your IP address has been blocked” page is eligible for cache, whereas your normal page is correctly bypassing cache.

Can you show the response headers the next time your problem occurs?

2 Likes

Webhost reply earlier (and they are still checking further) :

I wasn’t able to find anything on the server side blocking the missing request - it wasn’t mod_security, the server’s firewall, etc. It seems Cloudflare may have blocked it for some reason, preventing the request from reaching the server.

Response headers below :

  1. Request URL:

https://allstars.com.sg/

  1. Request Method:

GET

  1. Status Code:

403

  1. Remote Address:

172.67.130.16:443

  1. Referrer Policy:

strict-origin-when-cross-origin

  1. Response Headers

  2. access-control-allow-origin:

  3. age:

10341

  1. alt-svc:

h3=“:443”; ma=86400

  1. cache-control:

s-maxage=31536000, max-age=60

  1. cf-cache-status:

HIT

  1. cf-ray:

824279dd08bf5fdb-SIN

  1. content-encoding:

br

  1. content-type:

text/html; charset=UTF-8

  1. date:

Sat, 11 Nov 2023 00:39:04 GMT

  1. expect-ct:

max-age=5184000, enforce

  1. expires:

0

  1. nel:

{“success_fraction”:0,“report_to”:“cf-nel”,“max_age”:604800}

  1. pragma:

no-cache

  1. referrer-policy:

no-referrer-when-downgrade

  1. report-to:

{“endpoints”:[{“url”:“https://a.nel.cloudflare.com/report/v3?s=Tq7pkPmjnlcrGhFCJjX98po4wBrf%2BHMjfWqZNrgObnJMC%2B0GrDnEeV1kL%2FNeH6ZGBEuleDHgTqvdSyv6i6szN6Ah3HxCzA2q%2FrSzQWLHwWQEsqIERhAurykHAEmOdu1mXyU%3D”}],“group”:“cf-nel”,“max_age”:604800}

  1. server:

cloudflare

  1. strict-transport-security:

max-age=63072000; includeSubDomains

  1. vary:

Accept-Encoding

  1. x-content-type-options:

nosniff

  1. x-ua-compatible:

IE=edge

  1. x-wp-cf-super-cache:

cache

  1. x-wp-cf-super-cache-active:

1

  1. x-wp-cf-super-cache-cache-control:

s-maxage=31536000, max-age=60

  1. x-wp-cf-super-cache-cookies-bypass:

swfpc-feature-not-enabled

  1. x-xss-protection:

1; mode=block

  1. Request Headers

  2. :authority:

allstars.com.sg

  1. :method:

GET

  1. :path:

/

  1. :scheme:

https

  1. accept:

text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9

  1. accept-encoding:

gzip, deflate, br

  1. accept-language:

en-US,en;q=0.9

  1. cache-control:

max-age=0

  1. cookie:

cppro-ft=true; cppro-ft-style-temp=true; _ga=GA1.3.336081588.1699619212; _gid=GA1.3.542087041.1699619212; wf_loginalerted_83f0b27773864df743717319466039edf28e759a93c95a74af1df583f010bc7a=b9e179b131d1fdea8e6a1de02a972a1a1570d29ec0628c78377d52b1e97561fd; wp_woocommerce_session_65f4f7ab61160f708610c24d760e416a=1%7C%7C1699792361%7C%7C1699788761%7C%7Cdda5ad66a7f3e82e35150be0471378b9; SHR_E_ENC=1aa9218f1bcbaa8763477c02af75fa57841d1c75dc246e14ad0a18f4bef6e6a4dec9b1632c4fb18d46082debc5b4837dea08f6f32879a571e515bf6ca7eeedd592962e2e8e3db7f7b638ae631d76a387f5bc06cd4d33b44f27e1cb9505d2aa8bec50f19310ba4d5ea1f7c81304e4b9da3412ee2aba8f87d776646c4419bd768afc742e1117ea2faa4c40af29feda9f7a91734973fd7bf712ba93bd2a5f39b9e03c52b31ccf4b60404ed47f221b8255ba5ad07a470493bca0d8561c26999a1be7228bbea2803aeadfa116fbd9c8af3103e014ea210a4e26c7df0156631d2a0a83679f97cb4a641c418ecfbc51313804fa5d9920ed12ec51c84a78b9c9ac00250a; wp-settings-1=editor%3Dtinymce%26imgsize%3Dfull%26libraryContent%3Dbrowse%26editor_plain_text_paste_warning%3D1%26advImgDetails%3Dshow%26mfold%3Do%26post_dfw%3Doff; wp-settings-time-1=1699619626; cf_clearance=_Qkmt1bzf5MQPuL20Ui3FJWHZ0jxp64DRWAG9M1v7y4-1699662865-0-1-7087aa3f.ad18659c.8c2f6c96-0.2.1699662865

  1. sec-fetch-dest:

document

  1. sec-fetch-mode:

navigate

  1. sec-fetch-site:

none

  1. sec-fetch-user:

?1

  1. upgrade-insecure-requests:

1

  1. user-agent:

Mozilla/5.0 (iPad; CPU OS 13_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/87.0.4280.77 Mobile/15E148 Safari/604.1

This here is the culprit. Everything works, until one person is blocked by your firewall. The block page is then cached by Cloudflare, as instructed by the cache-control header.

It looks like that header is added by the Super Page Cache for Cloudflare plugin.

You should figure out a way to not set cache-headers to your block page or disable the blocking mechanism.

2 Likes

Thank you for your reply.

The error just happened again and are affecting our customers as well since they are seeing the same error.

With regards to Super Cache for Cloudflare plugin, I do not see how I can :
“disallow setting of cache-headers to block page or disable the blocking mechanism.”

Am checking with the plugin developer…

Thanks…