Hotlink protection blocked me from my own site

What is the name of the domain?

What is the error number?

403

What is the error message?

Forbidden

What is the issue you’re encountering

I’ve been blocked from my own site due to hotlink protection.

What steps have you taken to resolve the issue?

I turned hotlink protection off, I tried making rules allowlisting my IP, but I’m still getting the 403 block. If I use my VPN and enter with a different IP, I can access the site as usual. I see that other IP have been blocked for Hotlink Protection as well. If they are as innocuous as me, that’s bad for my site. The error said I was blocked for trying to access
/favicon.ico

I’m at a loss. I thought joining cloudflare was a good idea, but this is really crazy.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Flexible

What are the steps to reproduce the issue?

I guess you’d need to be accessing from my IP so you can’t reproduce. Or one of the other IPs that have been blocked for Hotlink Protection.

You disabled encryption by doing that. Make sure to enable encryption by switching Full Strict.

But the images are loading fine

1 Like

Yes, I know the images are loading fine, that’s not the issue. The issue is cloudflare has somehow blocklisted my IP (and a few others) when all I did was try to access my own site. As mentioned above, I seem to have been banned for a Hotlink Protection reason (as had a few others visiting my site). I turned Hotlink Protection off 20+ hours ago, and I still can’t see my site. Though I no longer get the 403 error message, it just times out now. I can see it if I use a VPN to change my IP. So how do I get my IP off the blocklist? And what do I do to ensure this doesn’t happen again, to me or any of my users?

You are confusing things here and hotlinking is not involved. This is probably a block from your server and you need to contact your host or webmaster.

2 Likes

Me being blocked shows up in the Cloudflare Event log on exactly the day that this blocking started. Here’s a screenshot of the event log:

That’s my home IP that has been blocked

You can always white-list your address with an IP access rule.

1 Like

Does the entry in the event file that I posted show that my IP has been blocked by Cloudflare, or only that me trying to access the favicon was blocked? If the latter, perhaps I have been blocked by my own webhost for some reason and it just happened to happen on exactly the same day as this cloudflare event.

I did set up a allowlist entry in cloudflare for my IP after this happened, but it hasn’t helped.

For starters, you should check why you are even blocked. This will only happen when you link from something which should be blocked. You best rather fix that.

Or maybe disable hotlinking, if it is an issue for you.

And I just checked, white-listing actually does work.

"For starters, you should check why you are even blocked. This will only happen when you link from something which should be blocked. You best rather fix that.

Or maybe disable hotlinking, if it is an issue for you."

OMG. Have you read this thread? The whole point of it is to find out why I’ve been blocked. If I knew why, I wouldn’t have posted in the first place. I’m trying to figure out why I’ve been blocked.

Also, please respond to my previous question about the event log.

As for hotlinking, I was blocked for loading my own page and it said the file in question was my favicon.ico. That file resides on my site, it’s not loaded from elsewhere, so why would I be blocked for trying to access my own favicon?

I already explained that to you. You are violating your own security rules, that you configured. You either disable that, fix the link, or white-list your address.

“And I just checked, white-listing actually does work.”

I’m not questioning whether it works for you, I’m telling you it hasn’t worked for me. I’m still blocked from my own site and so far no one has told me whether or not it has to do with the event in the event log I posted earlier.

Post a screenshot where you are blocked.

The file you mentioned is not linked in your page, only the PNG and that loads fine

And did you already switch back to Full Strict? Disabling encryption can also be the reason why you are blocked.

I will follow up with my webhost, perhaps the problem is there.

The snippet image I posted earlier is from the cloudflare event log. It says it blocked me due to HOTLINK PROTECTION. My simple question is this: when it says BLOCK, does it mean it blocked my IP (though one it lists beside the block) or did it just block the request to view that file (the favicon)?

I was not referring to the event log, but to the request where you are actually blocked.

As already mentioned, you run into your own security settings here. Why that is, I can’t tell as that depends on where you link from (hence why I asked to provide that screenshot).

You really best disable hotlinking, if you can’t adjust your site’s setup.

As for your question, I am not sure what you mean as your two options are essentially the same. The event log shows which security steps Cloudflare took.

1 Like

And if your question is whether it blocked your address or just that single request, then the latter. That’s how the event log works.

1 Like

“And if your question is whether it blocked your address or just that single request, then the latter. That’s how the event log works.”

That’s very good to know. Then cloudflare hasn’t blocked my IP address, just my request for that image.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.