QUICK app messed up whole CloudFlare DNS

Hi,

few weeks ago I installed QUICK app and tried to setup landing pages for one domain, which only serves sub-folders, while root/main domain is just one “Access denied” page. As this app did not work properly, I abandoned it (not uninstalled, but deactivated only). I just tried to display “Denied” plain text on every non-existent URL request.

But today I found out, that “Denied” was displayed also on existent and fully valid URLs under this domain. Actually every link, related to this domain, showed “Denied” plain text.
Ou, sjit… that’s wrong…and I uninstalled the QUICK app.

But now, a day after, I simply cannot get this domain back to work properly. I purged all cacke, checked page rules… but no, it acts REALLY WEIRD:

  • when accessed ANY URL under this domain, it lands on some ANCIENT JOOMLA 404 page.I do not have those on any of my servers!!!??
  • when I try to go from HTTP to HTTPS, it displays some other domain content??!!

What else, beside CACHE PURGE, can I do to reset the mess, which QUICK app obviously left behind? Should I simply remove it and re-add to CloudFlare instead?

I haven’t used this App and not familiar with it.

Therefore, may I ask you to check your Account Audit Log at the Cloudflare Dashboard to see what exactly has changed, if in terms of values of your DNS records for your domain name?

Something like “custom error pages” or rather as the app states “401” (password protection)?

You might try to use Firewall Rules to restrict the access for the needed URI path like “/administrator” or “wp-login.php” for example only to your IP, or a VPN IP, or country, etc.

Nevertheless, may I suggest to try out Cloudflare Access / Teams:

Thank you for your suggestion.

In the meantime I found out my problem was a mix of coincidental weirdness, where ingredients were:

  • on my server the owner of this particular domain accidentally deleted WEB settings for the domain in question via control pannel
  • in the same week another customer of another domain, which was created first on this server many years ago changed his error pages to fake Joomla error pages, so to try to trick hackers
  • DNS on CF were correct

As a result, http requests were sent to target server, but he did not have configured root domain for this domain. Nginx by default drops down to first domain by index, which was the domain configured first. That domain did not have requested page to display, so it returned 404, which was (fake) Joomla 404 page. As transaction was enveloped by CF SSL, I did not figured it out sooner, but rather later.

Regarding Firewall Rules …I tried, but failed before, because I want to deny access to root domain domain.com and www.domain.com, but would allow all sub-folders and subdomains (if not 404). Could that be done?

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.