Hosting Provider Firewall blocks my website when Cloudflare cache activated

Hello,
I have a big issue with my Hosting Provider (Planethoster) and Cloudflare.

My issue is the following:

  • My website is setup to be used with cloudflare.
  • When the cache of Cloudflare is activated, the firewall of my hosting provider blocks my script and very often blocks me. I can acces to my website only after I enter a catcha.
    Here is a video: https://reccloud.com/u/zbdhv5w
    I bro<se my website on Google incognito and activate the developper mode.
    You can see that one of the plugin is blocked by the firewall of Planethoster.
    If I deactivate the cache of cloudflare, the issue disappear.

In this video, I recorder only one issue, but on more complicated pages, all the plugins get the same error. Even my backup plugin which cannot backp when Cloudflare is activated.

In the page rules, I set the a rule to not cache wp-admin but it’s not enough. I have to set a rule for the whole website.

I don’t know what to. My hosting provider doesn’t hear me.

Best regards,

Hello,
You need to make sure that your hosting provider allow all connections from Cloudflare IPs, without any rate limiting:

Cloudflare is a reverse proxy, so for any client request there is a request from Cloudflare to your origin:


Your origin needs to accepts all requests from Cloudflare.

They don’t want.
They claim that there are too much spammy traffic from cloudflare IPs and they unblock them case by case (I have to ask everyday as it’s never the same ip).
As a consequence, my website is not accessible or broken most of the time.
They advise me to deactivate cloudflare.

Change hosting provider. If they see spam traffic from Cloudflare they should contact their NOC as there might be an issue.

1 Like

I quote the support: "
The problem is that CloudFlare sends malicious traffic: Bruteforce, DDOS, etc. with the free version. This makes it possible to force the sale of the paid version. We tried to authorize IPs temporarily and we saw a huge load on the infrastructure + slowdown."
So now, the only option is to leave cloudflare.

I’m guessing their Support department doesn’t know about their Legal department.

No, not really.

1 Like

Here is the tool they use to show me the issue, greensnow.
For example, one of my plugins is blocked https://prnt.sc/uk0a8g because this IP address is blocked 108.162.229.151
And on greensnow, we can see that there are many attacks from it: https://greensnow.co/view/108.162.229.151#close

Those “attacks” are simply atticks against websites that use Cloudflare, if those are even real. They are simply unable to actually get the real attacking IP.

I repeat, change your hosting provider.

1 Like

I’m shocked that they’re familiar with Cloudflare enough to call it out as the source of attacks, yet don’t understand how Cloudflare works. It’s as if they haven’t even bothered to investigate what’s going on. Any requests coming from Cloudflare would have two headers that show where the requests are actually coming from:

CF-Connecting-IP
X-Forwarded-For

2 Likes

I suspect the hosting provider offers extra-cost services that CF provides for free. By discouraging the use of CF, they can sell more upgrades. So, yep - as others have suggested - time for a new host.

3 Likes

I would agree with you, but you may have heard me say it already ahah

No, they don’t want to sell me any other cdn… They just want to avoid any security issue.
I created a page rule in cloudflare and when I exclude wp-content and wp-includes from cache, I have no issue anymore.
In addition, this morning I shifted to another cdn provide (ddos-guard net) to test and my website was not blocked anymore. So it’s really the IP from cloudflare which are blocked.
My hosting provider just confirmed me that they blocked Cloudflare Ip for all their shared hosting. If I want Cloudflare back, I have to upgrade to a vps…

Thanks for your help.