Seems like cloudflare is blocking internal API requests


It looks like cloudflare is not allowing my PHP files to call my internal API using Curl.

  • The API response with a 200 code
  • The document content from the Curl request is included (please see below)

When I disable cloudflare there is no issue and the API works as expected.
Is it possible to allowlist my own server / applications?

Thank you!

<!doctype html>

One moment, please... body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center; }

Please wait while your request is being verified...

You need to set up some form of allowlisting for either your IP address or a user agent to bypass the request checking.

Hi Cyb3r-Jak3,

Thank you for the input.

Can you provide me with some more details / Step-by-Step approach?
… because I’m new to this and pretty easy to create a misconfiguration.

It depends on your setup. If your API is going to be called from a single IP address, then something like

should work.

If you have the API being called from different IPs, then you are going to want to add a header and have WAF check for the header.


Thank you for the detailed explanation!
I’ll do some testing later today…

Yes works like a charm… thanks a lot for the help!!

At first glance (option 1) solved the issue, but after a while Cloudflare starts returning the same HTML…
(I’ve also tried skipping all the available options, but the results remain the same)


The message you’re seeing is not a standard Cloudflare error/challenge message. It comes from a firewall solution many web hosting providers adopt. Please see this answer to a similar topic for details, and a possible work around using a Cache Rule and a WAF Custom Rule:

1 Like

Thank you & sounds very plausible, will look into this and do some testing!

1 Like

Hi cbrandt, yes it was indeed the firewall from my hosting provider that was blocking the requests. Thank you for providing the solution.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.