It looks like cloudflare is not allowing my PHP files to call my internal API using Curl.
The API response with a 200 code
The document content from the Curl request is included (please see below)
When I disable cloudflare there is no issue and the API works as expected.
Is it possible to allowlist my own server / applications?
One moment, please...
Please wait while your request is being verified...
You need to set up some form of allowlisting for either your IP address or a user agent to bypass the request checking.
Thank you for the input.
Can you provide me with some more details / Step-by-Step approach?
… because I’m new to this and pretty easy to create a misconfiguration.
It depends on your setup. If your API is going to be called from a single IP address, then something like
If you have the API being called from different IPs, then you are going to want to add a header and have WAF check for the header.
Thank you for the detailed explanation!
I’ll do some testing later today…
Yes works like a charm… thanks a lot for the help!!
At first glance (option 1) solved the issue, but after a while Cloudflare starts returning the same HTML…
(I’ve also tried skipping all the available options, but the results remain the same)
The message you’re seeing is not a standard Cloudflare error/challenge message. It comes from a firewall solution many web hosting providers adopt. Please see this answer to a similar topic for details, and a possible work around using a Cache Rule and a WAF Custom Rule:
No, it’s not. I’ve faced this problem on my sites and you can see some background issue in this
previous reply to a similar problem. What’s blocking your cronjob is a firewall product called Webshield/Immunify360, which some hosting providers use to protect their infrastructure.
The product inserts an interstitial page (sort of a JS challenge) that causes a 302 redirect to a non-existing page, the wsidchk form you can see in your screenshot.
So when a bot tries to hit the origin and …
Thank you & sounds very plausible, will look into this and do some testing!
cbrandt, yes it was indeed the firewall from my hosting provider that was blocking the requests. Thank you for providing the solution.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.