Our office IP address is blocked during load testing

Hi team,

We did load testing (using Apache JMeter) and our office IP was blocked. How to unblock our IP?

We get the following message on our site:

Bot Protection Firewall
Blocked because of Malicious Activities
Reference ID: 3188700776627a3355abc1

More details:

WAF (IP acccess rule) is not configured, Bot Fight Mode is disabled.
After blocking our IP, we added the IP to IP Access Rules (Action: Allow). But this didn’t help, looks like our IP is blocked by Cloudflare.

That doesn’t look like a Cloudflare message. Check with your hosting provider if they have a bot protection service and if that is what is blocking you.

2 Likes

It’s a Cloudflare response, I just checked the Response headers in the browser Dev Tools:

Alt-Svc: h3=":443"; ma=86400
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, private, no-store, no-cache, must-revalidate
Cf-Cache-Status: MISS
Cf-Ray: 878e4e86aa5f77b3-KBP
Content-Encoding: br
Content-Type: text/html; charset=UTF-8

Date: Tue, 23 Apr 2024 13:47:40 GMT
Expires: 0
Pragma: no-cache
Server: cloudflare
Set-Cookie:
__cf_bm=o.eoTvDj_hMRCXmHvWa9cPrz4s.X77pUO9q7D5NBElw-1713880060-1.0.1.1-vZcBGGiRvfEXPlGDpA80ND_2YRL5FCIc4ISmcc9UVCHmlLtNuZuI5K3cChAfrT09xNx.jJMhfaQrmJS6wN_NmQ; path=/; expires=Tue, 23-Apr-24 14:17:40 GMT; domain=.lawsuitanalysis.com; HttpOnly; Secure; SameSite=None
Vary:
Accept-Encoding

The response is coming through Cloudflare, that doesn’t mean it’s not from the origin server.

Another user had the same, turned out the source was Cloudways.

Assuming the site you were targetting is your own, you can check for any Cloudflare challenge/block in your security events log…
https://dash.cloudflare.com/?to=/:account/:zone/security/events

2 Likes

Thank you for your help @sjr ,

The Cloudflare event log is empty. Additionally, I tried disabling Cloudflare (Pause Cloudflare) and enabling/disabling Bot Fight Mode. It did not help.

I enabled the proxy and logged into the WordPress site. Someone installed a malcare plugin that has anti-bot functionality. There are no settings for this plugin in the admin panel, just an enabled plugin and that’s it. The plugin is configured via a third-party site: https://www.malcare.com/

I will close this topic as soon as I gain access from the malcare site and make sure that the problem is on the malcare side.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.