My script calls my API which is behind Cloudflare WAF. My API’s origin server also returns 403s (ex. if user is not authenticated). From the HTTP response, I want to be able to distinguish between a Cloudflare 403 vs. my API’s 403. What is the recommended approach?
The Cloudflare response won’t include headers that are only present from your origin, so look for one of those (maybe X-Powered-By or something else), or add a specific header to your origin response, or just to the origin 403 response, that you can look for.
Otherwise, the body will contain a Cloudflare block or challenge page HTML that you can look for.
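The check described in the answer above, as an added example that is not part of the original posts: it looks for an origin-only header first and falls back to the body. The header name `X-Origin-Response` is hypothetical, the body substrings are assumptions to verify against the block pages you actually receive, and the sample responses are constructed.

```python
# Added example: decide whether a 403 came from the origin API or from Cloudflare.
ORIGIN_MARKER = "x-origin-response"  # hypothetical header the origin adds to its own responses
# Assumed substrings of Cloudflare block/challenge HTML; confirm against real pages.
CF_BODY_MARKERS = ("cf-error-details", "attention required! | cloudflare", "just a moment...")


def classify_403(status, headers, body):
    """Return 'not-403', 'origin', 'cloudflare' or 'unknown' for one HTTP response."""
    if status != 403:
        return "not-403"
    # Header names are case-insensitive, so normalise before any lookup.
    h = {k.lower(): v for k, v in headers.items()}
    # Server: cloudflare and CF-RAY are also set on proxied origin responses,
    # so they cannot tell the two cases apart; only an origin-only header can.
    if ORIGIN_MARKER in h:
        return "origin"
    is_html = "text/html" in h.get("content-type", "").lower()
    if is_html and any(m in body.lower() for m in CF_BODY_MARKERS):
        return "cloudflare"
    # No origin marker and no recognisable block page (for example a custom
    # block page): report it rather than guess.
    return "unknown"


# Constructed sample responses: (status, headers, body).
ORIGIN_403 = (403, {"Content-Type": "application/json", "Server": "cloudflare",
                    "X-Origin-Response": "1"}, '{"error": "not authenticated"}')
CF_BLOCK_403 = (403, {"Content-Type": "text/html; charset=UTF-8", "Server": "cloudflare"},
                '<html><title>Attention Required! | Cloudflare</title>'
                '<div id="cf-error-details">blocked</div></html>')
BARE_403 = (403, {"Content-Type": "text/html"}, "<html>Forbidden</html>")

if __name__ == "__main__":
    for name, resp in [("origin", ORIGIN_403), ("cloudflare", CF_BLOCK_403),
                       ("bare", BARE_403)]:
        print(name, "->", classify_403(*resp))
```

Treat `unknown` as a signal to log the full response for review, since it means neither indicator was present.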