Make request to Cloudflare worker from ESP32

Hi, I am using ESP32 with sim800l to call my CF worker.
The worker has a custom domain set up (proxied) -
The worker has initial code, and nothing was added.
When accessing the worker from the browser everything works.
But when I try to make a GET request to my worker from the ESP32, I get a 403 forbidden error.
This is what I get back:

  <title>403 Forbidden</title>
  <center><h1>403 Forbidden</h1></center>

And headers:

http/1.1 403 forbidden
server: cloudflare
date: thu, 23 may 2024 14:50:33 gmt
content-type: text/html
content-length: 151
connection: keep-alive
cf-ray: 8885dbe92d6892b3-fra

Thanks for any help

Check in your security event log for the reason…

If you are making a simple request from an MCU, it’s likely being stopped by a challenge, bot protection, browser integrity check or something similar as the request doesn’t look like one from a browser with a human.

These requests do not show in the security events, the last event there is from 10:59:50 which is 4 hours earlier than my request. I tried turning off the Browser integrity check but still got the same 403 error.

Can you show the request and headers you are sending from the ESP32?

I am sending the request via AT commands guide
The user agent header is the default: SIMCom_MODULE

AT+HTTPACTION=0 //this makes the GET request

After this, I get the 403, and the response is the same as in my original post.

Can you try to request another Cloudflare site?

You can try these test ones of mine which have very simple configurations… (this one will return 302 redirect)

The returned 606 (the sim module supports only TLS 1.0 and SSL 2 and 3) and the returned the same as mine, 403 forbidden with rayID 888689f0bd6a91de-fra.

This link has settings essentially off so it’s either something about the request being made that Cloudflare doesn’t like (I assume it’s sending a host header as not doing that returns a 400) or Cloudflare doesn’t like your IP address for some reason.

What happens if you try http instead (all should offer 301 redirects)?

When I tried with http both returned 301

When I disabled the Always Use HTTPS and tried to access it via HTTP it worked flawlessly.

Yes, the 301 redirects are expected so HTTP is ok.

If the module only supports TLSv1.0 or earlier, it’s probably not very well implemented and for some reason Cloudflare doesn’t like the way it’s making the request over SSL.

[add] Just had a thought. It may be using an old cipher now consider insecure and not used by Cloudflare. You could try HTTPS to a server of your own where you might be able to see the detail of the TLS handshake (since I guess you can’t do that with at the module end).

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.