Exclude .well-known directory

Website, Application, Performance Security
1

What is the name of the domain?

What is the error number?

Challenge page

What is the issue you’re encountering

I need to exclude the .well-known directory, because it returns a 403 when reading the toml file

What steps have you taken to resolve the issue?

I disabled everything possible.
I created rules to bypass cache, etc.
Still loading a challenge page when trying to access the file, and Stellar services return 403

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

What are the steps to reproduce the issue?

I had to pause Cloudflare,
but it was happening when using https://stellar.sui.li/real8.org > Fetch SSL test:

2

I’d suggest you to double-check the Security → Events at Cloudflare dashboard under your Cloudflare account for your zone, or via direct link https://dash.cloudflare.com/?to=/:account/:zone/security/events.

You should be able to see the challenged or blocked event under the Security tab → Events at Cloudflare dashboard for your zone and know exactly which security option was triggered. Could be Managed Rules my best guess, otherwise Bot Fight Mode or Browser Integrity Check.

Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …). If yes, could you share some details which service was triggered that blocked you?

Just in case if you encouter some issues and/or errors, you can allowlist the IP address or your origin host / server / hosting IP address from the 3rd-party service by navigating to the Security → WAF → Tools → IP Access Rules with the action “allow” for your Website and try again.

Otherwise, you could create a Custom WAF Rule to exclude the .well-known path from Security (Might not work if Bot Fighr Mode is tirggered, then you can proceed with IP Access Rules).

slika
slika1155×1100 41.6 KB

3

Not sure why this has been marked as ‘Solved’.
As I explained nothing works except pausing Cloudflare.
This is the output received by the TOML checker instead of the TOML file itself:

<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewport" content="width=device-width,initial-scale=1"><style>*{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131;font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji}body{display:flex;flex-direction:column;height:100vh;min-height:100vh}.main-content{margin:8rem auto;max-width:60rem;padding-left:1.5rem}@media (width <= 720px){.main-content{margin-top:4rem}}.h2{font-size:1.5rem;font-weight:500;line-height:2.25rem}@media (width <= 720px){.h2{font-size:1.25rem;line-height:1.5rem}}#challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgMTMgMTNBMTMuMDE1IDEzLjAxNSAwIDAgMCAxNiAzbTAgMjRhMTEgMTEgMCAxIDEgMTEtMTEgMTEuMDEgMTEuMDEgMCAwIDEtMTEgMTEiLz48cGF0aCBmaWxsPSIjQjIwRjAzIiBkPSJNMTcuMDM4IDE4LjYxNUgxNC44N0wxNC41NjMgOS41aDIuNzgzem0tMS4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);background-repeat:no-repeat;background-size:contain;padding-left:34px}@media (prefers-color-scheme:dark){body{background-color:#222;color:#d9d9d9}}</style><meta http-equiv="refresh" content="390"></head><body class="no-js"><div class="main-wrapper" role="main"><div class="main-content"><noscript><div class="h2"><span id="challenge-error-text">Enable JavaScript and cookies to continue</span></div></noscript></div></div><script>(function(){window._cf_chl_opt={cvId: '3',cZone: "real8.org",cType: 'managed',cRay: '8f73c29b8d652a14',cH: 'ilnqJsjXvDUjjMQVecOHfrihF44xz9nuk_AioeN8.as-1735076535-1.2.1.1-6VJHcAL1iKKXYKzgh_mrXwqaJdnWJH6lPs1ipzB8j9eXZyrY.oYbXBRnlqPYNwCC',cUPMDTk: "\/.well-known\/stellar.toml?__cf_chl_tk=T9PopiOE3Ag.c7SV6veMy0WVcgY1gZvdINjJ1Fq_Hxk-1735076535-1.0.1.1-kG4yiZtQeJ3GAXivXJwIs2EyDkThbehkWDvuxzTYmQw",cFPWv: 'b',cITimeS: '1735076535',cTTimeMs: '1000',cMTimeMs: '390000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/.well-known\/stellar.toml?__cf_chl_f_tk=T9PopiOE3Ag.c7SV6veMy0WVcgY1gZvdINjJ1Fq_Hxk-1735076535-1.0.1.1-kG4yiZtQeJ3GAXivXJwIs2EyDkThbehkWDvuxzTYmQw",md: "0WoDUH5Qmy4pE.ZQC1oOqrL2CHFl5dpwQc8IIEufSrA-1735076535-1.2.1.1-n3Xz37yvnLhuKi_BqA3jSt8DzzBmEH88RPcAzV7IZs1FZ8FTCEOz_RAAbPiiCpNDMgsl.fd1Gog_KZ4mbJWZrNnZNFMmKGKn4.Xa_Ja_K9vNf8oopeTKE41h9BX9QqEJJ5cpP_o0.Dt3yEKq0wHvCgI25F7c1_ueyahf6.5bE.M5CQ41j6m3xiaP_5msM77khHuVD0tfogt.n_BOvf5BdHsTDxrT_P5wX4Is9bYh7AuGJAIgRpqV_F0U_cyBZPDbzMOCYNG5VqvWsrQal2PFHSVGFrgsU1LJKiEzH1tZg75XpH2tQjeWEOcHy4YV2.ZZwuMnTXDgZ2VV8osK4tc9wKyCf4Ex1xl10MZgAOT9pilNV1tan9ACkAcofcLujrU_iJ_noXOySwa4opMMiKtBuG0BmYE0OWLqU5cUWqWKMySPKnU2RYxNNywIBhCB3U4ExmBEyCrl180z4hD41Sh3S9EjXE0d1QPTA4u8zLv6z.qS8sGfZ.q1YbWev.imvabotXh8hGnlkN5pa0rjHnjBZJot__s8wOd7JoRgtbnRyD5HS6g9z06wFx6WL5bYFemhV30AZJ87fTwFWuBLcrfWukBCm31F3pQK8tWdjBXxXNepBDOUUqDi5TGreN5YXlFNzc3YL0ZhVX2B5Zzm40XKbPEZ80_CYo8NWSbqPhKSyYo0fzBeMt9PBiwJr4vIZc2DmTHrnK78CKIlSCseF6Wp6UZyqzNm1Cawzi8fSgl2pFKlwhFBw0WUOaJ9k2r8wnFg7WDN7zmOmmdp6dMBqI4olYliR4FrrMb8HcemJ0ef1KvCXOMig9NlOy4Nsl66URGMBk04O7vUB7R.kDA0SRfpgV.Y0804IBvGBckcw_1H0_uX6Q0zwRau4Nw.c_DyqeLVWRy1EKL0pZDhRpJjTMlJDcahhPuTw5BK.pI6_xvxvN2kWh5svgcvyzD_Q1QOAvJVG_LpSde9Jk6JYunz8K6R527oEuwD2YqDhtYqMTXmeaC66ML5.NpJHUWvSf.q.dUhgEuKF7IPwPhGBXZ.W5F_x1QEAmyHJzQImEvz_67r1xy1q0URSZtsu0lqx_ACYSuuodfC5LgiChLBweVyEp7n3LYM8oX38sBpu98NYKPM9ObYzuH8a0n2amEyzmZFfAUrozf.4CswVMI2xsuGXhMN.1IAs8Dw90loExZBv2Ycow2lH09MjJnwHD09UJDoqKtIf2f.BWGU_j1WggE41elYw.R_89z_kJrSMjDvEWJGTCm39EnD70KlKGPy1XfG0d9m6p5SzGlaq6J.JxXbZbqSBXPpV3Ou.FIi.Y9kjFDv82AcYNNdaiZO4Qwl257u0tYTOLHtRJUGGceU2anthMTSwo995Yc2CGu.h1dkicKSZeh56zWdiAmKT.GURcShOJJrVy4tYJH0CqwHBG3pA5SKy27mvZl2sW0niAZts8W.rMl2Sk0fClMV_a3Skbsf9aU0So4D1jAeeWxJjqsnH4b061kNRHafrKUNWEY7OXxKgWDRLjLHFtegf8O2nff.yV6k_.poVHG.LZSxx3Whd1_QFlakb5MVNhvuL.EVgspBCfDBvUPbfvtQT7ZZCpqYfGDx1bv8mSSYXEODsrmHuteKti_NJr1xXwjpUOcv_oJjQs9wYyMhFyHNnM8C6sahKZEqH4gOVbtDQx5SzetSZnkiIL6jht1NbQFI7YJ_Nn0toVie40l.cH4UInmN5IHn7YEAziFU1HLY_o9WLI3_DDqNYxHDygNseYATYK3_P8WBaqXItBOClaSI7jDrzhiVLALzIRXHkCrQOvv23nVGD7asc.zoZma0Ty7aiQwfAo8jufsi7yCOK4OcE0Mv00JvL1tHnQmYdeoudCErab6vfuRefAmLd1RAmadLVlG0DrsyZNsJUEdPXixABtev1k_t8i8ZRgDK6T3NrH2D5GmV7FhMt22kyFXJHm8LWWytFUcOgkKcre.amngJF6imMQMkiar_PyEEPBFFH5Zx1fGYXfX88P8Hk6m7Q5JRm24Mbh0eyWUi.drBjrT9birLMpSno_sJoqGcfevMgA9thfYlwaOQlrh3mKpMmp3TQjiB68vAhpdEEU.p3TZB5ZlW54AdaQCOfyRQNKPErXr7HQvjy5XSwNLfn6smcWw723OAMEWPPVih.MSsFCp8R1FLywAuM0xOxFffw3jY44Yc2r.PvKKbdGIdXxL_pI9ZGM3b2QzReNSzQqxL7QbNot82nvRgHo_MxcC7L3_t2Jd3tqOjPWIt4sdVswvnnd3aq.dR_Tnf_3WaZ95mrEVuoQPxf0Yq0CZY83.bxN69iCaB3HIdQaI769Wyay5JGblS5Gie8AYc3..l5SFzhUNlb7b5A5_jeFie",mdrd: "IYHCQM1ZAOEZcxTL0QJL5zhGb.SazyLQWi0TL89rjvY-1735076535-1.2.1.1-8yBBAXMqmRMzTsuYaMJ9Xsbua591Z19nFJdo7Ua.DZ34KctfW3OZpgp5PmI0xR5sVCISrHpVsunXvej4XvYkPAxBCComjHtmvZSgKGgszs4QF.rg9wVlYHhiL9tDAcgYwxEMxIO2.jDWwN7P7AshTUxon8jtSNwEcS3r0srJ1sAFbnJ4RicPgpCbwaM3mFEJCRppmENRfhNDOAMZwr_l.i.6X4lVqAu.1knlxT1kLU0.RrY7OrvFWyLBIDpt1bmnhF_ebJLbQBYcCP9RhBZHIYxPyuV0lw1g.c1XZKeWIR_XVwG_er249UunrzZ.F0RsqxEYXiCIslWb2iCtz7pHeOu1ACUMg9V_1viywRleEZePNxHM71NsDMj9xrptpnFh4HXakgQ4vaqiOArBxUwOrscKK2.EAksnLQxWkCy6MxiY0nkjWKDPa3HXX.damIi3meKIxnO_PlawScf42yINT4xxCA2ICd4OhvUGkK_YPh0tR_rgjc.9LhSaqhpJFoL6VmRiqsRsWzZ0Wq_smicMcboj4hixDJ9IXmR_u6cF0qZdSSO80HgaczypZ_nPl6_hRPtDKretgopHfYi5WDWbs44SwXsLAqvkjnM8AX_HLnOTtBT5YU4aSIZGOWmqky0V03LPFtB1mWzIaXm2PU2tOOvaYtWo2FbBKZ3tH0AddWSOWW75E9gDO9NIeperwmd0k6tBOiKzhhpXzOmzaU61mZTP9taQhqO2ZJ.Q22P4PzWGivWD_bYdfRsiKeQDQVm5V46vkODjgG8w_Ey2Lr5CcwUYCOshIVyse6Wa3DpedMFl6.aLmmrfE8Cho6hbfJ.61ed2TcKf.tKWS.0JzVb2ZTDIOQyIwH2gGN51dBjv5jR45iQbO63ltaHMMoa8D_cPBzhgwNRQkmQaNaeBdvSCeYWBewXKRK1.H1oZv449Q7SGZfU4BXs8MudNGSx9yBmMSgfY4QOXr.RGcJQSioy63hox0dKrq_yGEBXAor.yx6ocKaRIAsFJJKtDo66HYpBdtPFaap94w6rbeZvtcI1Pvvc3LueFUUgVZhYhx80qrHmnKT9TuY6TkFIsC1wjkzeArFVFdk8B88EqHWvI0eRFiw8NTaZWXy9qfCQoJ7CHYyHt7TJ_04q03VmsuIVV0X0Ft8P9vdk2cXX2Xf.hvAKhvAVc5HMjZLSeHCLtxiMe4rKDTsWJNLijcpfIdFQ9sARh4_i2UOhh2ADTg3qLeNHnd0jaoojUNVyF887trk33dLNnArHpMoDrmlvAnA.gEDLD.aZySy1_iURu7xkzweT1m_7BM4CB_2HpFg0xsBrYB8xaW9Mj5qSf3H3bx.9nlVE.NCt8EBnUDDqcaxeMsGjeach0YDLcplzZxzn_IPjKzUTAY2rTKqp8282UD7qg3qhbQ9QXAuELH.fca8Y4FM1NGZgoJyLYGfVnRuIzxHVfevCV9hh5gFjQluUXVCSpf2msgPANW.85BJmGxmpeMA0HFa2T0WkFUFSm1lzzHc3T.xaxjreTVCwPcnuPQIQooDBSb2H8uN3Hhbsef0_3aauSbgmpdO6IuwVPEzJ.UzwRoTBL9UmOeNyqWgzx4WcrsWH_tI9Bh_x.x2Q7teoVEj_PL6SZxvX8AakB7Ln2qVp_EdIUU.aim3pCoop_S446MFfH2CX7heKKThyMr__cQhARjrcqA.XF537g76tTBCk1pRI01ueGC0ASbfqUruifEs5GKDgg9SfUlHC2EdNTt5Kzp8EY1glmp_h4ol6p8EC3N1M6IHoe_rft18IeHOW.r1QHRG_v7wkSdqjrysrSAU_5ucohIkv2eiN0Q2__NajlXHSy8OTP0wnBIyjNQtWMxLG7abHQmUhLmsBgdwEy3g7XPuUWDE1sph4ezGGt01QeNMSJFzQJmvajEyOrc4vRVQoBPwsmiBac4GIC1y_pdypbowp_F6kslin8VR7ZcfOM1LqoaOXSvP.1iNYi0bpsxHvNP9Udz7iqFm.7oDahwd3fXSolhzbqxJBUWA6u4jX9pomSksj0uBHepcEk2B4g1x3x_MB46So.rptlVC_ktY8glYTR_8VRI2Z7AE7YVqiTm4pD25OswgW9jUTQpfERnZ.RNG1Axv3iZ1RqU1xaAoDxWqb2BJerTkeDPGTsIf2G7eXLM0o5lEwpJxlUKZ.GQq5zLJrFTjg56Ov_lVh46EiLVVU.YE8gkVV36viK8M2BpOOJZgJ65MKgrJFnPsgoRxvt489rGduWH1Papm_hfV2SG3GER_LEgLRVTGnQljk13O8"};var cpo = document.createElement('script');cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f73c29b8d652a14';window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null, "\/.well-known\/stellar.toml?__cf_chl_rt_tk=T9PopiOE3Ag.c7SV6veMy0WVcgY1gZvdINjJ1Fq_Hxk-1735076535-1.0.1.1-kG4yiZtQeJ3GAXivXJwIs2EyDkThbehkWDvuxzTYmQw" + window._cf_chl_opt.cOgUHash);cpo.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(cpo);}());</script></body></html>
4

Thank you for feedback.

By the RayID 8f73c29b8d652a14, may I ask could you check which service is triggered under the Security tab → Events when you filter out the events by the Ray ID? Could you please share a screenshot of this event? :thinking:

2 Likes
5

It was the Service Bot fight mode,
that was triggering a Managed Challenge for some reason,
I had to deactivate it, but that’s better that not having Cloudflare at all.

Thanks very much @fritex , greatly appreciated, this was driving me nuts

2 Likes
6

Great catch!

:+1:

I am happy to assist you! :hugs:
All best during the Holiday vibes and New Year as well! :christmas_tree: :champagne:

2 Likes
7

Same to you @fritex, Merry Christmas and a very Happy New Year!
we’re preparing an Airdrop shortly from the site in question and we would like to send you some appreciation coins. You can email us your XLM address to i, Cheers !

1 Like
8

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.