I have been blocked by my owne website by Cloudflare Cloudflare Ray ID: 8472f8c2aa2f7824 • Your IP: 2403:5817:1e1d:0:c40f:9d08:7b1e:f0a2 • Performance & security by Cloudflare

I have been blocked from my website while in admin and simply trying to change some text on a page. Have done this many times before get this message when i update the page.

In the Cloudflare dashboard, go to the domain in question and choose the Security tab. This will bring up the event log. At the top, click the “Add filter” button, choose “Ray ID”, paste in that Ray ID, and click Apply.

Then you can look at the event and see what firewall rule caused the block.

1 Like

Thanks, have done that and it makes no sense to me I’m not an IT person.

I just see below

Top events by source

5 items

  • IP Addresses

    1. 2403:5817:1e1d:0:8c14:b032:e608:914e

1

  • User Agents

    1. Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36

1

  • Paths

    1. /wp-admin/post.php

1

  • Countries

    1. Australia

1

  • Hosts

    1. theedgebuyers.com.au

1

  • ASNs

    1. 4764 - WIDEBAND-AS-AP Aussie Broadband

1

  • Firewall rules

    1. No data
  • Rate limiting rules

    1. No data
  • Managed rules

    1. XSS, HTML Injection - Script Tag

1

  • HTTP DDoS rules

    1. No data
  • HTTP Methods

    1. POST

1

Activity log

Edit columns

DateAction takenCountryIP addressService

Jan 19, 2024 12:34:49 PM

Block

Australia

2403:5817:1e1d:0:8c14:b032:e608:914e

Managed rules

1 to 1 of 1 items

For some reason you’re triggering one of Cloudflare’s Managed Rules. You’re on a paid plan, right? With the Managed Ruleset enabled?

Under Security, choose WAF. On that screen choose the Managed Rules tab. You should see something like this:

If you don’t see that, but instead see something asking you to upgrade your plan, that means the rule is one you don’t have a choice but to have enabled, so you’ll have to do something like allowlist your own IP address. But assuming you’re on the paid plan and see the above, click the “Cloudflare Managed Ruleset” link, and near the bottom, choose “Browse rules”.

Paste the name of that rule (XSS, HTML Injection - Script Tag) into the search field, click “Search”, and there is one result:

Click the green switch to shut it off.

Thanks for your help its greatly appreciated. I am a paid user, and followed all the suggested steps but it made no difference.

I was updating and adding pages to the website during the week with no issues and have never had an issue in the past.

Getting a bit frustrated and thinking if just cancelling the subscription

I’m not sure why. Maybe the rule exists at a different level, which would indicate that Cloudflare’s security people think it’s something to really care about. Are you using an up-to-date browser?

Nevertheless, you need your website to work, so you can try allowlisting either your IP address or your entire ISP. If you have a static IP address you can use that safely, but you probably don’t, so we can try allowlisting the whole thing.

In the WAF, choose the Tools tab. You’ll see “IP Access Rules”. In the field for “IP, IP range, country name, or ASN” paste in your static IP address if you have one (if you have one, you probably need to do this twice, once for IPv6 and once for IPv4). If you don’t have a static IP address, paste in your ISP’s ASN number, which according to the info you pasted above, is 4764. Select “Allow” and “All websites in account”.

Now, if this works, it’s worth considering that it leaves a (very small) hole open. But let’s see if it works.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.