Matomo (Piwik) Login Error

I am using a self hosted Matomo (Piwik) but since I started using Cloudflare, I have been getting this login error:

Error : Form security failed. Please reload the form and check that your cookies are enabled. If you use a proxy server, you must configure Matomo to accept the proxy header ( that forwards the Host header. Also, check that your Referrer header is sent correctly.

I have tried adding the code to the config.ini file as stated to configure Matomo to accept the proxy header but it doesn’t solve the problem. The only way I can login to Matomo is to turn Cloudflare Development on. Can someone help identify a fix for this problem?

I remember doing that on a Piwik site before, and it worked.

Did you remove the ; at the beginning of the HTTP_CF_CONNECTING_IP line?

I did but what is strange is that the results do not seem consistent. By that I mean that when I first try to login, I get the same error. When I try a second time, I can login. After signing out and trying to login again, I get the same error but can login after the second attempt. However, other times I will get the error every single time and can never login.

Not sure what to make of it…

That could be a cookie error. That usually happens if there’s some weird caching going on. Do you have any Page Rules for caching?

2 Rules
Always Online: On, Cache Level: Cache Everything, Edge Cache TTL: a month
Always Use HTTPS

It’s Rule #1 that’s causing the problem. You’d have to create a new and put it above Rule #1 that matches the URL of your Matomo installation and give it a Cache Setting of Bypass Cache.

With Cache Everything, not only is login broken, but your stats might also be broken Matomo URLs are cached and those aren’t getting through to your server.

Okay, I setup the new rule and now seems to be working.

However, when I logout of Matomo, the URL is changes to

When I try to login from this URL, I get the error again but it does allow me to login after the 2nd login attempt. If I use the standard index.php login page URL , I can login on the 1st attempt.

Question: Should my page rule be* or should it be ?

I suggest you bypass everything in your analytics folder, so a match to*

For good measure, do a Purge Everything in the Cloudflare cache.

That didn’t work.


After Matomo logout, the URL changes to

The above URL will not allow me to login again from there but after the first failed attempt to login, I the URL changes to

From this URL, I can login in the 1st time. Not sure why this is happening but it only occurs behind Cloudflare.

This topic was automatically closed after 14 days. New replies are no longer allowed.