Monitor Zonelock down working - Check that website is not being accessed through public internet


I have been trying to use Health Check for checking if my website is now not exposed to the public internet.
However, health check says its up and running and probably because it goes from the cloud services and not limited to the zone lockdown.
Is there another way to monitor it? how can I make sure its actually working and being alerted if someone disable the rule, or if somehow it got exposed? is there another tool?

You would need to use a 3rd party monitoring service to do this. Who are you anticipating will disable the rule? It might be better to focus on making sure your account security is good (e.g. you have enabled 2-factor auth with a hardware key or TOTP) and that nobody is invited to share your account who shouldn’t be.


Is it possible to monitor through Cloudflare that the URLs are actually blocked (zone lockdown) and to alert if somehow one of the URLs is exposed to the public internet?
Do I need to use another tool? if so, what could I use? Pingdom or something else?

If you’re on a Paid Plan, you can use Health Checks. I’m not entirely sure if that feature resides inside or outside Zone Lockdown.

@sdayman - Used health check but it seems like it ignores the zone lockdown and see the website as public

Whether or not CloudFlare is showing the site as allowing public internet traffic, unless you have locked the server hosting your website down to only answering allow-listed IP (i.e. CloudFlare IP ranges) then bots could still randomly try your server IP directly.

@benhelps I have locked the server using inbound rules in AWS security group to only Cloudflare IPs are allowed.
And I have tested it myself and was able to see that I have status code 403 forbidden.
However, the health check still shows status code 200 (OK)

@simon It could be human error.
Or that we miss using the many rules some URLs and we want to verify that we included them.
Anyhow, if its not possible using health monitor, which tool would you recommend?

I don’t have a specific recommendation I can give but perhaps some other folks in the community might share their experience with you of which 3rd party monitoring tools are recommended.

Ah, I see now. You can try It’s free. But since it’s actually looking for uptime, you’ll probably get a down alert when you enable zone lockdown, then get an Up alert if the lockdown is lifted.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.