Load Balancing - 403 Forbidden

We’re currently using Pingdom to monitor our uptime and alert us to any downtime. We’re trying to use Cloudflare’s Load Balancing for our root domain brain.fm. We also have other A records for brain.fm pointing to load balancers on multiple service providers. For example, we’ve got:

  • lb-web1-digitalocean.brain.fm -> brain.fm
  • lb-web2-linode.brain.fm -> brain.fm
  • etc.

These are also setup as Origins in the Cloudflare load balancing pools. We have the Cloudflare Load Balancing DNS set to web.brain.fm for testing. When we change the hostname on the Cloudflare load balancer to brain.fm we’ll start to receive 403 Forbidden errors on Pingdom. From our understanding the Cloudflare load balancer DNS A record will take priority over all other A records with the same hostname. Are we seeing the 403 Forbidden error on Pingdom because the DNS A record Pingdom might have cached is the older A record instead of the Cloudflare load balancer A record and Cloudflare is blocking it?

403 Forbidden
Date: Sat, 14 Sep 2019 03:58:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Set-Cookie: __cfduid=da87e8a9c1f547c65869c2889d7ee94871568433518; expires=Sun, 13-Sep-20 03:58:38 GMT; path=/; domain=.brain.fm; HttpOnly
Cache-Control: max-age=8
CF-Ray: 515f718f58e4d879-CPH
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires: Sat, 14 Sep 2019 03:58:46 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Server: cloudflare
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<title>DNS points to prohibited IP | brain.fm | Cloudflare</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
<style type="text/css">body{margin:0;padding:0}</style>

<!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/zepto.min.js"></script><!--<![endif]-->
<!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/cf.common.js"></script><!--<![endif]-->

  <div id="cf-wrapper">
    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
    <div id="cf-error-details" class="cf-error-details-wrapper">
      <div class="cf-wrapper cf-header cf-error-overview">
          <span class="cf-error-type" data-translate="error">Error</span>
          <span class="cf-error-code">1000</span>
          <small class="heading-ray-id">Ray ID: 515f719000a7d8a5 &bull; 2019-09-14 03:58:38 UTC</small>
        <h2 class="cf-subheadline">DNS points to prohibited IP</h2>
      </div><!-- /.header -->

      <section></section><!-- spacer -->

      <div class="cf-section cf-wrapper">
        <div class="cf-columns two">
          <div class="cf-column">
            <h2 data-translate="what_happened">What happened?</h2>
            <p>You've requested a page on a website (brain.fm) that is on the <a data-orig-proto="https" data-orig-ref="www.cloudflare.com/5xx-error-landing?utm_source=error_100x" target="_blank">Cloudflare</a> network. Unfortunately, it is resolving to an IP address that is creating a conflict within Cloudflare's system.</p>

          <div class="cf-column">
            <h2 data-translate="what_can_i_do">What can I do?</h2>
            <p><strong>If you are the owner of this website:</strong><br />you should <a data-orig-proto="https" data-orig-ref="www.cloudflare.com/login?utm_source=error_100x" target="_blank">login to Cloudflare</a> and change the DNS A records for brain.fm to resolve to a different IP address.</p>

      </div><!-- /.section -->

      <div class="cf-error-footer cf-wrapper">
    <span class="cf-footer-item">Cloudflare Ray ID: <strong>515f719000a7d8a5</strong></span>
    <span class="cf-footer-separator">&bull;</span>
    <span class="cf-footer-item"><span>Your IP</span>:</span>
    <span class="cf-footer-separator">&bull;</span>
    <span class="cf-footer-item"><span>Performance &amp; security by</span> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=error_footer" id="brand_link" target="_blank">Cloudflare</a></span>

</div><!-- /.error-footer -->

    </div><!-- /#cf-error-details -->
  </div><!-- /#cf-wrapper -->

  <script type="text/javascript">
  window._cf_translation = {};



#CommunityTip 403
#CommunityTip Load Balancing

This topic was automatically closed after 30 days. New replies are no longer allowed.