Forcepoint F1E Direct Connect Endpoint users being blocked

For Workers & Pages, what is the name of the domain?

insideasiatours.com

What is the error number?

92a0be3f1a50939a

What is the error message?

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

What is the issue or error you’re encountering

Step 1: Browser Triggers Speculative Request URL requested: https://insideasiatours.com/cdn-cgi/speculation Step 2: CF intercepted the traffic As soon as the request hit , it was caught by CF Cloudflare recognized this request as a speculative preload request, not a normal browsing action. Cloudflare rules for security and bot prevention said: “If the request is speculative (not a real user action) → BLOCK it.” Step 3: Server Returns 403 Forbidden No authentication or redirection happened, which means the link is not in the bypass list — because the CF immediately blocked it. Response back from server: 403 Forbidden (HTTP status code meaning “Request understood but refused to authorize”). Response Headers: Server: cloudflare Content-Type: text/html Content-Encoding: br (Brotli compressed) Cache-Control: max-age=15 Plus security headers like X-Frame-Options: SAMEORIGIN. Step 4: Browser Receives Error (No Redirection, No Login Prompt) Since the server outright denied access, the browser aborted the speculative request. Chrome/Edge console showed error: net::ERR_ABORTED 403 (Forbidden) Important: No further redirection like login page (/login) or authentication challenge (401 Unauthorized) was triggered. From the HAR logs analyzed so far, it is clear that this behavior is occurring purely at the Cloudflare (CF) layer. There is no indication of any issue on the F1E application side at this point.

What steps have you taken to resolve the issue?

We are not the site owner, so we’re trying to reach out to Cloudflare for help with these issues affecting OUR customers

What are the steps to reproduce the issue?

insideasiatours.com is only one website of many that our customers are being blocked from.

it appears that the only requirement is to have Forcepoint F1E DCEP installed and running and then browse to a website protected by Cloudflare

Screenshot of the error

Untitled.png413×247 73.7 KB

Are you able to visit this website (community.cloudflare.com) with your software active?

I’ll get this checked.

Hi Laudian,
Yes, they can reach community.cloudflare.com and are not getting blocked.

In that case, Cloudflare is not generally blocking you and you’ll need to contact the individual site owners to find out why you were blocked.

There’s already a pretty broad list and they keep finding more websites. Is there any type of setting that these websites might have in common that would cause this? Maybe even a default setting? (I have no familiarity with how Cloudflare gets configured personally)

That’s possible, but you’d have to ask at least some of the sites why you (or your customers) were blocked from accessing them.

Will do. Thanks for the information

Hi Laudian,

Got an update from one of the customers who was blocked by Cloudflare’s website itself:

We cannot get to abuse.cloudflare.com without adding it to Proxy Bypass. Here is the RayID for my recent attempt a few minutes ago.

Cloudflare Ray ID: 93baec459f8d422b

Your IP: 38.135.168.225

Performance & security by Cloudflare

Are you able to see why it as blocked with that Ray ID?

No. I don’t work for Cloudflare.

As I said, you should contact some of the websites your customers were blocked from. They can see why the request was blocked in the security log.

Any idea how we contact Cloudflare about the block from their website?

You can create a support ticket, but the chance they’ll tell you why some user was blocked from accessing the abuse website is about 0%.

You should try to contact some of the sites you’re having issues with.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.