Legitimate user from Germany is being blocked and unable to access the website

Hi,

The question is related a user that was blocked and could not view the webite from Berlin, Germany.
When he tried to browse to the website, he got the Cloudflare screen “Sorry you have been blocked, You are unable to access ****.org”.

The CF Ray ID that he got at the bottom of the block message screen was: 866f7eac696b4d9d.
His IP address was 89.247.174.195.

I add that we do use some WAF rules on CF to challenge users by country, and Germany is one of the countried we challenge users from (We had an attack several months ago that part of it came from German IP addresses).

Could you please examine his RAY ID and IP and tell us why CF blocked him from accessing the website. He is a legitimate user and if the challenge scored him as a potential threat, shouldn’t he got at least a sort of a captcha challenge to check that?
What may we do in order to let this user browse the website?

Best wishes,
Maor

You can check yourself. Find the ray ID in your Security Events Log in your dashboard here…
https://dash.cloudflare.com/?to=/:account/:zone/security/events

You can then see why and adjust your WAF custom rules accordingly.

2 Likes

In the firewall events log, if the action taken is “managed challenge” - is there a way to understand if that IP has passed the managed challenge successfully, or was blocked?