"Many Clean IPs Getting 500 Error – WAF Allow Not Working (menusaz.com)"

What is the name of the domain?

menusaz.com

What is the error number?

500

What is the error message?

This page isn’t working menusaz is currently unable to handle this request. HTTP ERROR500

What is the issue you’re encountering

Many clean IPs are getting blocked or result in an HTTP 500 error when accessing our domain (menusaz.com) or its subdomains. These IPs are healthy, not listed in any blocklist, and even explicitly added to the WAF “Allow” list. However, when we disable the Cloudflare proxy (gray cloud) and connect directly to our origin server, For example, IP 185.83.112.136 cannot access our subdomains when Cloudflare proxy is enabled. It works perfectly when bypassing Cloudflare (grey cloud mode), which confirms the issue is related to Cloudflare’s edge or WAF filtering.

What steps have you taken to resolve the issue?

  • Checked and confirmed it’s not a server issue (works fine without Cloudflare proxy)
  • Added source IPs to WAF Allow list
  • Switched off security rules temporarily to test
  • Created Rate Limiting rules and JS Challenges to filter bots
  • Observed that certain ISPs may block specific Cloudflare edge IPs

What are the steps to reproduce the issue?

  1. Visit menusaz or any subdomain like kazbar.menusaz.com from various IPs (some will get HTTP 500).
  2. Disable Cloudflare proxy for the same domain, and the error disappears.
  3. Issue persists even when IPs are explicitly allowed in the WAF rules.

Error 500 isn’t related to the Cloudflare WAF. Sounds more like you’ve got some issue on the origin server to cross-check and fix with SSL or web server.

Currently unproxied :grey:, working fine over HTTPS:

May I ask which SSL option you have selected under the SSL/TLS tab at Cloudflare dashboard for your domain (Flexible, Full, Full Strict …)? :thinking:

Helpful article to allow Cloudflare IPs just in case:

Could you share a screenshot of this error page when blocked? If so, it should be HTTP 403.

I’d suggest you double-check the Security → Events at Cloudflare dashboard under your Cloudflare account for your zone, or via direct link https://dash.cloudflare.com/?to=/:account/:zone/security/events.

You should be able to see the challenged or blocked event under the Security tab → Events at Cloudflare dashboard for your zone and know exactly which security option was triggered.

Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …). If yes, could you share some details which service was triggered that blocked you?

Obviously, the :iran: government is blocking :orange: Cloudflare IPs, which is unfortunately already a well-known issue I am afraid :frowning:

Main domain is proxied :orange: and working fine over HTTPS for me:

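Added example, not part of any post in this thread: a heuristic that sorts one captured response into the layers the reply above distinguishes (edge security action, edge-to-origin failure, origin error, no response at all). The function name, labels and sample responses are constructed; the `CF-RAY`/`Server` headers and the 52x codes are Cloudflare's documented behaviour.

```python
# Added example: heuristic triage of one captured HTTP response.
# Function name, labels and sample responses are constructed for illustration.

# Status codes produced only by Cloudflare's edge when it cannot talk to the origin.
EDGE_TO_ORIGIN = {520, 521, 522, 523, 524, 525, 526, 530}


def triage(status, headers, body=""):
    """Label the layer that most likely produced the response."""
    if status is None:
        # Reset or timeout before any HTTP reply: no WAF rule was evaluated.
        return "no_response"
    h = {k.lower(): str(v).lower() for k, v in headers.items()}
    if "cf-ray" not in h and h.get("server") != "cloudflare":
        # Answered by the origin directly or by something else on the path.
        return "not_cloudflare"
    if status in EDGE_TO_ORIGIN:
        return "edge_to_origin"        # check SSL/TLS mode and origin firewall
    if status in (403, 429):
        return "possible_edge_block"   # confirm in Security > Events
    if status >= 500:
        # A 5xx page that names Cloudflare was built at the edge; otherwise
        # the edge relayed what the origin sent.
        return "edge_generated_5xx" if "cloudflare" in body.lower() else "origin_error"
    return "ok"


# Constructed sample responses (not captured from the site in the thread).
CF = {"Server": "cloudflare", "CF-RAY": "0000000000000000-XXX"}
SAMPLES = [
    ("empty 500 through proxy", 500, CF, ""),
    ("branded 500 page", 500, CF, "<h1>Error 500</h1> Cloudflare Ray ID"),
    ("block page", 403, CF, "Sorry, you have been blocked"),
    ("TLS handshake to origin failed", 525, CF, ""),
    ("connection reset", None, {}, ""),
    ("grey-cloud 500", 500, {"Server": "nginx"}, ""),
]

if __name__ == "__main__":
    for name, status, headers, body in SAMPLES:
        print(f"{name:32} -> {triage(status, headers, body)}")
```

A `possible_edge_block` result still needs the Security → Events check, because an origin can return 403 through the proxy as well.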

SSL/TLS encryption

Current encryption mode:

Full

Automatic mode enabled 4 days ago.
Next automatic scan on: 06/29.

menusaz.com is using automatic SSL/TLS
Your encryption mode is set to Cloudflare’s recommendation. Override this by switching to custom.
