OVH domain with VPS - Use Cloudflare free - Error 403

Hello,
Please, can you help me,

How can I make my domain tiger-green.fr from OVH redirect to Virtualhost /var/www/tiger-green.fr from my VPS? I use Cloudflare free.

I have an error 403.

Configuration in Pastebin (because I have 2 links and more, for my vhost config)

Thank you for your help.

https://pastebin.com/aqCLQhsX

That is something you will need to configure on your server. You best clarify this on StackExchange, as that is not strictly related to Cloudflare.

I read :

Custom Nameservers ( Business plan )
Custom nameservers allow you to create your own, unique nameservers in place of your assigned Cloudflare nameservers. To switch to using custom nameservers, first create them here, then add them as glue records at your registrar.

Is it possible that because I have several VirtualHost, for several domains, the free offer of Cloudflare redirects only to the IP address of the VPS, and, therefore, I cannot configure the servername to choose the one tiger-green, for the redirection?

Virtual hosts are unrelated to nameservers.

What you first need to do is set up your site properly on your server (including SSL) so that you can properly load it from there. Once that works you can add it to Cloudflare.

This is already the case, all my domains and subdomains work.

I have experimented with changing the DNS for one of the domains, which works perfectly in normal times, and, this blocks me at the IP level, for no reason.

This tells me that it is the server that blocks, certainly, but without any error message to identify the problem.

With OVH DNS, my VirtualHost redirects well to the domain, therefore, using VirtualHost, the Let’s Encrypt certificate, and, the configuration is valid.

Then you shouldn't get a 403, which you currently do however.

If your server blocks anything, the configuration won't be correct and you simply need to fix that.

My server is blocking robots with Bad Bot Blocker, I have the firewall, fail2ban, but, everything works if I have OVH’s DNS.

The site is perfectly functional, in normal times.

I do not see how to approach this configuration, since I have no information on what is blocking, except for the error message 403, refused by the server, in error.log.

I do not understand the answer concerning “servername” because yes, virtualhost go hand in hand with servername, since each virtualhost in place on my server has its own servername.

I have the impression that we cannot redirect, if we have several servername, with the free offer, but, I may be wrong.

As I said, you should get your site working first before you even consider Cloudflare.

Go to the Overview screen on Cloudflare, scroll to the bottom, and pause Cloudflare. Then, sort out whatever needs sorting out and whenever your site is properly working on HTTPS, you can unpause Cloudflare.

That's it.

My sites work, with OVH’s DNS.

I whitelisted the IP addresses of Cloudflare, on the virtualhost which manages the listening of my IP address from the VPS server.

From then on, I no longer have the 403 error.

On the other hand, it is the page index.html of the directory /var/www/adresseip which answers. The correspondence is not made to the virtualhost used for my domain which is in /var/www/domain

I come back to what I think is the problem, the server name, and, if I understand what I copied and pasted previously, I can’t point to my ServerName with the free Cloudflare offer.

If someone can confirm that I understand what is written black and white, in the Cloudflare interface, that a business offer is needed, thank you.

Sorry, but we are going in circles here. Assuming your server IP address ends in 195, then no, your site does not work at all but always returns that 403 in French.

As I said numerous times, you need to fix your server first. Pause Cloudflare, fix your server, and then unpause.

I have disabled Cloudflare now.
I then get a 403 error.

I put back the Cloudflare IP addresses as authorized again, as I did earlier.

The site is displayed correctly, in https://

So yes, the site works perfectly.
Yes the site is in https://
Yes, Cloudflare is disabled.

No, if I activate Cloudflare, the site returns to the IP address page, which corresponds to my VirtualHost /var/www/ipadress

Thank you anyway for your patience and attempted resolution.

So I understood that I had to add the addresses of Cloudflare, to take them into account in my security policy.

So I was able to verify that my site works when Cloudflare is deactivated, the Let’s Encrypt certificate and the virtualhost work, since the site works.

I confirm that once Cloudflare is activated, I am redirected to the IP of my server, which displays a simple index.html page. No visitor is supposed to pass through to navigate.

That is what I have been saying all along.
You need to fix your server configuration.

Do that and once everything is working you can enable Cloudflare again.

Look, I have written, after that, I have added IPs from Cloudflare to my virtualhost from /var/www/ipadress

Then, the website works with https. (You can access it at https://www.tiger-green.fr)
Use Tor if you have tested before, because fail2ban is strict: 3 errors 403 when you test a direct IP access and you are banned.

Cloudflare is disabled.

Then, we are OK! My website works! Cloudflare is disabled.

Right now your site doesn't load at all, that might be that ban, but you need to fix that.

Anyhow, your site does end in 195 and that is EXACTLY what I have written before. Your site simply does not work, I am not sure how many more times I need to write that.

Fix your site and remove that ban too, otherwise any debugging is impossible.

Plus, if your site bans IP addresses, it can't work via Cloudflare either, as that will ban the proxies. You best remove that feature.

I assure you that the site works.
You must have been banished previously and cannot seem to observe the new modifications.
Use Tor Browser, if in doubt. I rendered it, and, I changed ip several times to make sure. My site is accessible worldwide.

This protection is perfectly legitimate, it is the job of fail2ban.
All Cloudflare IPs are allowed.

Require ip 103.21.244.0/22
Require ip 103.22.200.0/22
Require ip 103.31.4.0/22
Require ip 104.16.0.0/12
Require ip 108.162.192.0/18
Require ip 131.0.72.0/22
Require ip 141.101.64.0/18
Require ip 162.158.0.0/15
Require ip 172.64.0.0/13
Require ip 173.245.48.0/20
Require ip 188.114.96.0/20
Require ip 190.93.240.0/20
Require ip 197.234.240.0/22
Require ip 198.41.128.0/17
Require ip 199.27.128.0/21
Require ip 2400:cb00::/32
Require ip 2405:8100::/32
Require ip 2405:b500::/32
Require ip 2606:4700::/32
Require ip 2803:f800::/32
Require ip 2a06:98c0::/29
Require ip 2c0f:f248::/32

The problem does not come from this protection! I say, my website works! Really!

The site did not work before, so I doubt it works now.

Remove the firewall entries, otherwise it is impossible to debug or say anything else.

Do not doubt. The site works.

I host 20 sites, which work.
Joomla, Wordpress, Mediawiki, Redmine.

The problem does not come from the firewall ;)
Use a VPN, and, see that everything is fine.

Only activating Cloudflare means that the page is not redirected to the correct virtualhost of the servername but to the one listening to the ip address.

If I only hosted one site, then the problem would already be solved.
The redirection would already be functional and the site accessible.

This is why I ask if this is a servername problem, since it is written in the free offer, that to configure the servername, you must have the business offer.


From the Cloudflare Panel, SSL/TLS

Use Full (strict)
Encrypts end-to-end, but requires a trusted CA or Cloudflare Origin CA certificate on the server

Now, I can use my website, with Cloudflare active.

Then, you see, my website works, and, it’s not necessary to empty the firewall.

Thank you for the courage and the effort of the discussion, it pushed me to make the different Cloudflare IPs authorized on my server, in the VirtualHost file which treats listening only on the IP address.

Thank you for the advice to deactivate the Cloudflare service, in order to verify that the site works correctly in https://

I did not need to make any other changes, only allow Cloudflare IP addresses, for the VirtualHost listening for the IP address.

The site then works correctly with Cloudflare deactivated.

From Cloudflare, I reactivated the site, and, I went into strict FULL mode for SSL/TLS.

Now, access to the https://www.tiger-green.fr site is working.

I still have to test if the mails work because I read that configurations are also necessary, but, that is another subject.

[Resolved]
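
Added example, not part of the original thread: the thread combines a ban after three 403 responses with a server that, behind Cloudflare, sees the proxy addresses as clients. This Python sketch counts 403s per client in an access log and marks which ban candidates fall inside the Cloudflare ranges posted above; the log lines are constructed, and the combined-log layout and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# CIDR ranges copied from the "Require ip" list posted in the thread.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in """
103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12 108.162.192.0/18
131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20
188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17
199.27.128.0/21 2400:cb00::/32 2405:8100::/32 2405:b500::/32 2606:4700::/32
2803:f800::/32 2a06:98c0::/29 2c0f:f248::/32
""".split()]

BAN_THRESHOLD = 3  # the thread describes a ban after three 403 errors

# Constructed sample lines in Apache combined-log style (not from the thread).
SAMPLE_LOG = """\
172.68.10.5 - - [01/Jan/2021:10:00:01 +0000] "GET / HTTP/1.1" 403 199
172.68.10.5 - - [01/Jan/2021:10:00:02 +0000] "GET /a HTTP/1.1" 403 199
172.68.10.5 - - [01/Jan/2021:10:00:03 +0000] "GET /b HTTP/1.1" 403 199
203.0.113.7 - - [01/Jan/2021:10:01:01 +0000] "GET / HTTP/1.1" 403 199
203.0.113.7 - - [01/Jan/2021:10:01:02 +0000] "GET / HTTP/1.1" 403 199
203.0.113.7 - - [01/Jan/2021:10:01:03 +0000] "GET / HTTP/1.1" 403 199
198.51.100.9 - - [01/Jan/2021:10:02:01 +0000] "GET / HTTP/1.1" 403 199
198.51.100.9 - - [01/Jan/2021:10:02:02 +0000] "GET / HTTP/1.1" 403 199
2606:4700:10::1 - - [01/Jan/2021:10:03:01 +0000] "GET / HTTP/1.1" 200 512
"""

# Client address is the first field, status code follows the quoted request.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')


def is_cloudflare(addr):
    """True if addr lies inside one of the ranges listed in the thread."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CLOUDFLARE_RANGES)


def ban_candidates(log_text):
    """Map each client with >= BAN_THRESHOLD 403s to its is_cloudflare flag."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2) == "403":
            hits[m.group(1)] += 1
    return {ip: is_cloudflare(ip) for ip, n in hits.items() if n >= BAN_THRESHOLD}


if __name__ == "__main__":
    for ip, proxy in ban_candidates(SAMPLE_LOG).items():
        print(ip, "Cloudflare proxy" if proxy else "direct client")
```

A candidate flagged as a Cloudflare proxy stands for many visitors at once, so banning it blocks all traffic arriving through that proxy rather than one client.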