Getting 403 on all CF hosted websites


I am getting constant errors:
HTTP/2 403
from all CF hosted websites from a particular IP ,for which i cannot see reputation issues in multiple blacklist checkers including :


I am therefore struggling to understand why i am being blocked.

Cloudflare - forbidden
nodejs - forbidden
nginx - forbidden

All return :
## Checking if the site connection is secure

Enable JavaScript and cookies to continue

** Cloudflare needs to review the security of your connection before proceeding.**

However since this is a programmatic request - it immediately returns a forbidden status code.
It is therefore impossible to use curl for example to download from nodejs downloads

I have been accessing CF hosted websites without issues from this IP until today .

Any help is appreciated .

You get this in some kind of a software or terminal/console, or in your Web browser? :thinking:

Are all of those websites your’s or owned by someone else?

Is it your ISP or?
May I ask have you tried using a different Web browser, or tried clearing your Web browser cache?
How about using a Private window (Incognito mode) or a VPN connection if possible?
Is it the same behaviour on your mobile phone (4G LTE, mobile data, cellular)?

Or is it on the Websites using Cloudflare and the lookup IP returns one from the 188.x… range from Cloudflare network?

Are you using some kind of a Web browser extension or some kind of an anti-virus software which might trigger or restrict something?
Any privacy settings enabled at Web browser, or maybe using some kind of a “privacy-related” Web browser, even like TOR?


Thank you for you reply …

The mentioned websites are not owned by us.
Yes, i am referring to websites, that return a Cloudflare IP from the whois/dig info .

We are experiencing this from a CLI-only server often trying to download resources with curl from nodejs[.]org website. (When building docker images for example)
Therefore a lot of your suggestions are inapplicable.
(The text i sent is just to illustrate the issue - it’s again a simple curl request:
curl -I -L www[.]Cloudflare[.]com

It’s not an ISP, it’s a VMWare cloud service, not a home laptop or similar.

I expected to see the IP in any blacklist - but i am struggling to see reputation issues.

This may help

Bot fight mode has spazzed out. Gee whizz if it didnt block 90% of the net its now doing 99.99999%

Its fixed but apparently.

Thank you for your reply !

I am still experiencing this issue and i do hope it’s a temporary one, but as you pointed out - it should have been fixed… but it’s not (If it’s the same issue)

Random example:
curl -I -L www[.]nginx[.]com

Trimmed output :
HTTP/2 403
date: Tue, 30 Aug 2022 13:47:17 GMT
server: Cloudflare-nginx

Thank you for your reply.

I saw this article but ruled out all hosting-side errors, as i have a proxied domain that can be accessed with curl and the --resolve option (specifying the origin IP) and i know i have no firewall rules, user agents/countries blocks etc…but i am getting 403 when not using the --resolve option for that domain + the issue manifests its self for websites like nodejs[.]org, or www[.]Cloudflare[.]com , or nginx[.]com , etc…

I also don’t quite get what ‘Cloudflare doesn’t return 4xx codes’ means, as i can clearly see :

HTTP/2 403
server: Cloudflare
in the response from my curl reqeusts…

We are not blocking CF IPs in any way .

I am struggling to find more helpful info from this artcile.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.