I have one firewall rule:
(not ip.geoip.country in {“US” “CA” “GB” “IE” “FR” “ES” “PT” “BE” “NL” “LU” “DE” “DK” “NO” “SE” “FI” “CH” “IT” “AT” “AU” “NZ”})
As I’m currently located in Australia, I would expect requests to get through. However, it seems that requests from here are getting blocked (error code 1020 - not the standard Cloudflare page though. The entire response is “error code: 1020”). If I disable the rule and wait for a bit then these errors go away.
The RayID below goes ends in “SIN” which I assume is Singapore. Singapore is not in my whitelist of countries, so I wonder if that is related? But, I would think that shouldn’t matter since the request originates in a whitelisted country. It shouldn’t matter where it gets routed through.
Any ideas why this would continue to be blocked?
Curl requests:
$ curl https://cdn.mydomain.com/assets/application-c2c6a2247bc2fe1d004b688504007337326ed1818f6edb3fe2ae04e8848dfc87.css
error code: 1020
$ curl -I https://cdn.mydomain.com/assets/application-c2c6a2247bc2fe1d004b688504007337326ed1818f6edb3fe2ae04e8848dfc87.css
HTTP/2 403
date: Tue, 21 Jan 2020 23:51:41 GMT
content-type: text/plain; charset=UTF-8
set-cookie: __cfduid=dd511db5adb6b2a732b52aac079f20dd11579650701; expires=Thu, 20-Feb-20 23:51:41 GMT; path=/; domain=.mydomain.com; HttpOnly; SameSite=Lax; Secure
cache-control: max-age=14400
expires: Tue, 21 Jan 2020 23:48:16 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 dcb42c70bda10759ea456b517bba08fb.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN5-C1
x-amz-cf-id: hDUCbQRQOy4zDoFLvLbPx2OjvLxfBpu7Axkzz4SNI6TVcN3BD9ccYw==
cf-cache-status: EXPIRED
server: cloudflare
cf-ray: 558d32942d39dcbe-SIN