Seems like Cloudflare is blocking internal API requests

Hi,

It looks like Cloudflare is not allowing my PHP files to call my internal API using cURL.

  • The API responds with a 200 code
  • The document content from the cURL request is included (please see below)

When I disable Cloudflare there is no issue and the API works as expected.
Is it possible to allowlist my own server / applications?

Thank you!

Response
<!doctype html>

One moment, please... body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center; }

Please wait while your request is being verified...

You need to set up some form of allowlisting for either your IP address or a user agent to bypass the request checking.

Hi Cyb3r-Jak3,

Thank you for the input.

Can you provide me with some more details / Step-by-Step approach?
… because I’m new to this and it’s pretty easy to create a misconfiguration.

It depends on your setup. If your API is going to be called from a single IP address, then something like


should work.

If you have the API being called from different IPs, then you are going to want to add a header and have WAF check for the header.

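The header approach from the reply above, seen from the PHP side, as an added example (not code from the thread or from Cloudflare). The header name `X-Internal-Api-Key`, the `INTERNAL_API_KEY` environment variable and both function names are assumptions; the WAF rule that matches the header is configured separately. The classifier covers the symptom in the original post, where a verification page arrives with status 200.

```php
<?php
// Added example. Header name and env variable are assumptions, not from the thread.
const INTERNAL_HEADER = 'X-Internal-Api-Key';

/** Call the internal API with the shared-secret header a WAF rule would match. */
function callInternalApi(string $url, string $secret): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_HTTPHEADER     => [INTERNAL_HEADER . ': ' . $secret, 'Accept: application/json'],
    ]);
    $body   = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $type   = (string) curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
    $body   = $body === false ? '' : $body;   // transport failure: empty body, status 0
    return ['state' => classifyApiResponse($status, $type, $body), 'body' => $body];
}

/**
 * A 200 status alone does not prove the API answered: a verification page
 * can be served with 200. Returns 'ok', 'html_interstitial' or 'error'.
 */
function classifyApiResponse(int $status, string $contentType, string $body): string
{
    $looksHtml = stripos($contentType, 'text/html') !== false
        || preg_match('/^\s*<!doctype html/i', $body) === 1;
    if ($looksHtml) {
        return 'html_interstitial';           // something in front of the API replied
    }
    if ($status < 200 || $status >= 300) {
        return 'error';
    }
    json_decode($body);
    return json_last_error() === JSON_ERROR_NONE ? 'ok' : 'error';
}

// Constructed sample responses (status, Content-Type, body); no network needed.
$samples = [
    [200, 'application/json', '{"ok":true}'],
    [200, 'text/html; charset=UTF-8', '<!doctype html><title>One moment, please...</title>'],
    [200, 'application/json', '<!doctype html><p>Please wait while your request is being verified...</p>'],
    [403, 'application/json', '{"error":"forbidden"}'],
];
foreach ($samples as [$s, $t, $b]) {
    printf("%d %-26s => %s\n", $s, $t, classifyApiResponse($s, $t, $b));
}
```

In real use the secret would be read with `getenv('INTERNAL_API_KEY')` and passed to `callInternalApi()`; the header value is a bearer credential, so keep it out of source control and logs.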

Thank you for the detailed explanation!
I’ll do some testing later today…

Yes works like a charm… thanks a lot for the help!!

At first glance (option 1) solved the issue, but after a while Cloudflare starts returning the same HTML…
(I’ve also tried skipping all the available options, but the results remain the same)

Hi,

The message you’re seeing is not a standard Cloudflare error/challenge message. It comes from a firewall solution many web hosting providers adopt. Please see this answer to a similar topic for details, and a possible workaround using a Cache Rule and a WAF Custom Rule:


Thank you & sounds very plausible, will look into this and do some testing!


Hi cbrandt, yes it was indeed the firewall from my hosting provider that was blocking the requests. Thank you for providing the solution.
