Our church uses a Filter/Security appliance that filters internet traffic. We have the appliance set to filter SSL traffic as well. Usually, things work very well but recently we wanted to go to https://shop.cintas.com/store/. We get an error message saying that we do not have access to this site. (see attached)
With deeper research, we conclude that Cloudflare is blocking us from going to https://shop.cintas.com/store/ because they don’t trust our filter.
How can we whitelist our filter appliance IP address on Cloudflare?
You can’t, only the site owner of https://shop.cintas.com/store/ is able to change their firewall policies to allow your requests (or tell you what blocked your request).
Cloudflare can’t tell you a customer’s settings or overrule them.
Ok. I thought Cloudflare could also possibly do a little something about it… I think they categorize most other sites and, based on that, hand things over to the client. The problem with just depending on the client… we will need to contact every client that uses Cloudflare where this is an issue of blocking our filter.
I think somewhere there ought to be a community that tests and categorizes new sites and gives a general consensus to whether it should be blocked or not… then the client could still override that as needed.
In light of your reply, I went ahead and sent a message to cintas customer support.
The customer creates rules to allow or block traffic based on a number of criteria. They may choose to block based on country, network or individual IP address. If you are using a cloud based internet filtering service it is possible that the aggregate traffic through their service contains sufficient ‘dubious’ traffic that the IP addresses the requests come from are seen as ‘generally’ bad or the operator may have seen specific malicious traffic through the service to that site may have prompted the operator to block the IP address(es) specifically.
By default Cloudflare doesn’t block traffic from specific IP addresses*; it’s customer settings / decisions which block traffic based on their own security posture.
*not 100% true I imagine, but close enough for government work
I’m satisfied with your answers. Thank you very much!
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.