Domain1 (D1) = e-commerce site
Domain2 (D2) = hosts content for domain 1
The content for D1 is fetched via API from D2 and this works fine. The issue I am having is with images which are also on D2 but are fetched using a reverse proxy on D1, the reverse proxy was added to D1’s nginx config;
This has worked great for over 12 months; however, last week (no changes to nginx config or any other configs that I am aware of) images were not being displayed on D1. Upon inspection, the issue is that images fetched using the reverse proxy are getting a 403 Forbidden error from Cloudflare.
For now, I have had to disable Cloudflare for my domains as D1 is a trading website, and this has fixed the issue. However, I was wondering if anyone would be able to shed some light on this?
The only thing I could think of that may have been causing the issue would be Scrape Shield; however, I have checked that this is not turned on.
I tried turning Cloudflare back on, but within an hour the issue reappeared.
Thanks for the reply. I tried turning Cloudflare back on and it is now giving the 403 error again. Yes, I pressed the ‘Pause Cloudflare’ button on the Overview page in the Cloudflare console, which will fix the issue, but is obviously not the solution(!).
Thank you, I’d check for blocked IPs with your hosting provider. The screenshot of the error is really helpful. Note that if you’re seeing a black & white 403 Forbidden error page without Cloudflare branding, this is always returned directly from the origin web server, not Cloudflare, and is generally related to permission rules on your server: either a permission rule you have set or an error in the .htaccess rules, Mod_security rules, or IP Deny rules. Make sure that Cloudflare’s IPs aren’t blocked. (Pulled from Community Tip - Fixing Error 403 Forbidden)
No, if it was a Cloudflare error you’d see a color page with Cloudflare branding, not the black & white error message. This error you’re seeing is from your server.
OK, thanks for clarifying this. It still has me rather confused though… The error clearly is something to do with using Cloudflare, because if I use the Cloudflare pause feature everything works again (and Cloudflare is somehow listed at the bottom of the 403 error!).
I have checked my nginx logs for all sites, but there are no mentions of the 403 errors there - which is most odd?
I have checked firewalls but there are no IPs blacklisted.
Obviously not an .htaccess issue as it is an nginx web server.
I am fairly stumped at the moment, so if anyone has any further suggestions it would be appreciated, thanks.
Can you please explain the relation between thecodestore.co.uk and tcs.yodah.app domains? I’m seeing you specify the same URL exactly under the two domains… how is the site hosting the image different from the URL? Are you, like, reverse proxying it?
@cloonan, any chance any of this can be related to the feature that blocks hotlinking? @ash1, can you see and make sure this option is disabled? It’s on the last tab in the dashboard, “Scrape Shield”… the description of the feature says "Note: Hotlink Protection will deny access to requests when the HTTP referer does not include your website domain name (and is not blank).", which sounds promising for a 403 from Cloudflare…
Hi @shimi, if you look at the original post it shows the config - yes it is a reverse proxy.
I also checked the Scrape Shield setting - this is not turned on.
I have another question - I understand Cloudflare error pages are normally graphical, and the one I am seeing is black and white text; however, how does the text ‘cloudflare’ end up at the bottom of it?
Thanks
EDIT:
After further digging, I have a feeling that the issue is something to do with the SSL certificates. At the moment all sites are set to SSL Full (Strict).
Does anyone know if the SSL cert for D2 needs to have any special config to accept the reverse proxy from D1?