Half of my sites on MainWP can no longer connect (blocked by Cloudflare)

Hello!

I currently have 34 sites that I manage through MainWP. They were all connected fine until recently (and had been for months).

  • Between Jan 27 and Jan 30, half of these sites were disconnected because MainWP access was suddenly blocked by something on Cloudflare’s end. However, from Jan 30 everything worked fine again. I had not made any changes.

  • As of Feb 6, the same sites are disconnected again.

Response: https://codepen.io/almostronaut/pen/JjBqdMO

  • All 34 sites use the same configuration (basic DNS through Cloudflare, no page rules, really nothing else), same web hosts, same everything else, including the sites that were NOT disconnected in either instance. So I honestly don’t know where to look for solutions.

  • Disabling proxy DNS fixes the issue but leads to other errors (SSL etc.) that I haven’t had time to troubleshoot.

  • Whitelisting the MainWP server IP via Security → WAF → Tools → IP Access Rules → Allow does not fix the issue

Now I don’t know if this problem is going to go away on its own again after 3 days or not. I’d be grateful for pointers.

Greetings,

Thank you for asking.

I am sorry to hear you’re experiencing an issue here.

If so, you should see the challenged/blocked firewall events in the firewall events if you navigate to the Cloudflare dashboard → Security → Overview and look up Firewall events for the past 24 hours or so. Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …). If yes, could you share some details about which service was triggered that blocked you?

  • you should see your origin host/server IP out there and user-agent like WP-cron or WordPress/version

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

Before moving to Cloudflare, was your Website working over HTTPS connection?

Can you double-check if your web hosting provider issued an SSL certificate which is still a valid one for your domain(s)? :thinking:

Before doing anything at Cloudflare settings, you could determine if you have a valid SSL certificate installed at the origin host/server by your web hosting provider or your own VPS/dedicated server following the steps from below:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect.
  4. Check with your hosting provider / cPanel AutoSSL / ACME.sh / Certbot / Let’s Encrypt or some other and renew it accordingly.
  5. Make sure site is working as expected without any errors via HTTPS.
  6. Only then should you un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

For the whole CF account, or only just one Website? :thinking:

Hi, thank you so much for helping me with this!

Firewall events

Here’s one I found - the IP address listed here does not match the Server IP address I see in my MainWP settings. I also had a look at a number of other domains and most don’t have any entries from today (or none that I can trigger by trying to connect them in the moment) so this one is probably unrelated.

Matched service

Service			Managed rules
Action taken		Block
Ruleset			Cloudflare Managed Log4J Ruleset
				…dfb893ba
Rule				Wordpress - Broken Access Control, File Inclusion
				…bff5a079

Request details

Ray ID			7963a5466e23205a
IP address		5.161.195.238
ASN				AS213230 HETZNER-CLOUD2-AS
Country			United States
User agent		Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36
HTTP Version		HTTP/1.1
Method			POST
Path				/wp-includes/css/wp-config.php
Query string		Empty query string

May I ask what SSL option have you got selected under the [SSL/TLS tab] at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

Full

Before moving to Cloudflare, was your Website working over HTTPS connection?

Yes

Can you double-check if your web hosting provider issued an SSL certificate which is still a valid one for your domain(s)? :thinking:

It showed an error right now (DNS DCV: No local authority).
I paused Cloudflare as you suggested and AutoSSL ran fine afterwards. I made sure to see the cPanel certificate in action before enabling Cloudflare again.

However, the connection issue persists.

For the whole CF account, or only just one Website? :thinking:

I only found how to do it for a single website :slight_smile:

I was confused because a good number of the sites that didn’t experience any connection problems are either using the same host or are using Cloudflare DNS. But all disconnected sites use both, so at least that’s good to know.
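
The check made in the post above (comparing a blocked event's source IP with the MainWP server IP), as an added example that is not part of the original thread: it parses event details pasted from the Firewall events view in the "field, tabs, value" layout shown there and labels each blocked request. The dashboard address `203.0.113.10` is a placeholder because the thread does not give the MainWP server IP, and the second sample event is constructed.

```python
import ipaddress
import re

DASHBOARD_NETS = ["203.0.113.10/32"]  # placeholder: the thread gives no MainWP IP

# Constructed sample in the pasted layout. The first event reuses values
# from the post; the second is made up for illustration.
SAMPLE = """Matched service
Action taken\t\tBlock
Rule\t\t\t\tWordpress - Broken Access Control, File Inclusion
\t\t\t\t…bff5a079
Request details
IP address\t\t5.161.195.238
Path\t\t\t\t/wp-includes/css/wp-config.php

Matched service
Action taken\t\tBlock
Request details
IP address\t\t203.0.113.10
Path\t\t\t\t/
"""

def parse_events(text):
    """Split pasted event details into one dict per event."""
    events, last_key = [], None
    for line in text.splitlines():
        if line.strip() == "Matched service":      # heading that opens an event
            events.append({})
            last_key = None
        elif "\t" in line and events:
            key, value = re.split(r"\t+", line, maxsplit=1)
            if key:                                 # normal "field<TAB>value" row
                last_key = key.strip()
                events[-1][last_key] = value.strip()
            elif last_key:                          # indented continuation (rule ID)
                events[-1][last_key] += " " + value.strip()
    return events

def triage(text, nets=DASHBOARD_NETS):
    """Return (ip, path, rule, verdict) for each blocked event."""
    rows = []
    for ev in parse_events(text):
        if ev.get("Action taken") != "Block" or "IP address" not in ev:
            continue
        ip = ipaddress.ip_address(ev["IP address"])
        hit = any(ip in ipaddress.ip_network(n) for n in nets)
        rows.append((str(ip), ev.get("Path"), ev.get("Rule"),
                     "dashboard" if hit else "unrelated"))
    return rows
```

Events labelled "dashboard" are the ones worth reporting when asking which service blocked the connection; the rest can be set aside as traffic from other sources.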
