I'm getting a 403

Website, Application, Performance Security
1

I’m getting a 403 error that can’t get the sitemap since using Cloudflare. I set page rule and WAF rule. What should I do additionally?

page rules

download
download886×529 21.5 KB

cache rules

WAF
URI, contains, *.xml, skip

Note that DDos is turned off.

Please tell me solution and in detail.

4

When you get a block visiting your sitemap, what events do you see logged at Cloudflare Dashboard > Security > Events?

5

Thanks for the answer.

Below is a list of events. can you confirm?

Screenshot
Screenshot820×632 27.5 KB

6

On that panel, you need to filter either by your IP address or by the URI Path containing “sitemap”. Then check the column Service, it will tell you which feature is blocking your request for the sitemap.

7

Thanks for the quickly your response.

Screenshot (1)
Screenshot (1)920×608 19.7 KB

I just changed WAP from UPI to UPI path.

Currently, both WAP and Page rules are set. Where can I check if it’s working properly? I haven’t been able to solve it for several hours. Please help me.

9

Screenshot (2)
Screenshot (2)937×577 23.2 KB

page rules

SSL/TLS : Full
Under Attack Mode : off
robots.txt : uploaded

10

As I told in my previous post, you should filter for either you IP address or “sitemap” in the Security Events panel.

If your WAF screenshot is for an exception (with the Skip action), I do not recommend that you match all XML files on your server, that’s too risky.

Instead, use as conditions:

Known-Bots ON
AND
URI Path contains “sitemap”

11

Thanks, Where do I change Known-Bots ON?
Changed from *.xml to sitemap.

And filtered by sitemap in event. Nothing is confirmed.

12

Screenshot (4)
Screenshot (4)917×641 18.3 KB

WAF

13

Screenshot (3)
Screenshot (3)870×329 7.66 KB

event filter

14

You need to click on AND to add a second condition, then pick the field Known Bot.

After you visit the sitemap URL on your site, it should show there after a few minutes if it was blocked or skipped.

15

Screenshot (5)
Screenshot (5)1021×653 20.4 KB

I changed

1 Like
16

and I did what you said and it was confirmed in the event. Are there any problems now?

Screenshot (6)
Screenshot (6)882×569 21.8 KB

1 Like
17

Good. It’s working now. Make sure to remove that Page Rule where you disable security for the XML files. (You can leave it on with the caching and performance part, but there’s no reason to disable security)

19

Deleted xml rule from page rules.

Screenshot (7)
Screenshot (7)979×501 19.5 KB

1 Like
20

Thanks, but Still I can’t find sitemap in googld search console. :frowning:

Screenshot (6)
Screenshot (6)2744×1416 272 KB

21

It may take a while. Check back tomorrow. That’s on GSC, not Cloudflare.

22

Thank you very much. you are my hero!

1 Like
23

I checked again and still get a 403 error.
However, if I pause cloudflare, the 403 error disappears and the sitemap works normally.
It looks like you need a different setup. can you help me?

Screenshot (8)
Screenshot (8)1412×730 49.4 KB

24

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.