HELP! Cannot access site 403 forbidden after upgrade!

I JUST upgraded to professional to get WAF. Turned on WAF as soon as I upgraded and now 403 Forbidden on every page! Turned off WAF - still 403 Forbidden! What can I do?

Hi @scubaaddiction, let us know if you have issues once you turn the waf back on, and please include a screen shot if possible.

Here is a screenshot of the 403 error page I got. I had one window still open to it.

Hi @scubaaddiction, thank you. I’ve attached the screen shot to your support ticket. Can you go to where yoursite is your site and paste the contents either here and/or in the support ticket for the engineer to see?

You’ll get results that look something like this:
fl=4f314 ip= removed ts=1545177133.924 visit_scheme=http uag=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 colo=SJC http=http/1.1 loc=US tls=off sni=off

fl=98f28 h=[](
ip= ts=1545178051.007 visit_scheme=https uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 colo=DEN http=h2 loc=US tls=TLSv1.3 sni=plaintext

Thank you, I’ve added that to the ticket.

Edit - if you turn the WAF back on, are you still seeing the 403 errors? If so, please let the support team know that.

Hi @scubaaddiction, I just talked with the support team to better understand the issue with the 403 error, that appears related to a temporary issue while replacing the certificate from the free account with a certificate for the pro account and not related to the WAF. You can verify this by turning back on the WAF and visiting the site.

4 Questions:

  1. I have my own Certificate that I had installed before I was with Cloudflare. Do I not need that anymore?

  2. So you are saying that if I turn on WAF again, there will be no 403 errors?

  3. If I downgrade back to a free account, will I switch back to the free Certificate and have 403 errors again during the switch time?

  4. What is the difference between your free certificate and the pro certificate?



The certificate on your origin secures the connection between Cloudflare and your origin server. It is good to have one there, it can be the one you have or it can be a free self-signed certificate that you generate from the Cloudflare dashboard.

Yes, seems the 403 was triggered by the certificate change, not the WAF

I don’t know the answer to that but will ask the engineer. My gut feeling is that if you did, it would be a transient issue that you may not notice, but I’ll ‘phone a friend’ for a second opinion.

They’re basically the same, pro gets provisioned a bit more quickly. I suspect the rationale for changing out the cert is to ensure validity matches your subscription.

4 posts were merged into an existing topic: SSL CRYPTO - Authorizing Certificate DELAYS