Some URLS are blocked (403) by cloudflare without asking the origin

leon.rosenberg · March 18, 2021, 4:43pm

I have a very odd behaviour.
I have an image on my site which is blocked by cloudflare without asking the origin.
Funny enough we are using the same backend for different tlds and the image is available in some but in some not:
403:
https://www.thecasuallounge.se/cmsImage/name/lp1113_03.background.old
https://www.thecasuallounge.fr/cmsImage/name/lp1113_03.background.old

200
https://www.thecasuallounge.ch/cmsImage/name/lp1113_03.background.old

I don’t see anywhere in settings where I could possibly blocked it.

Here is an example link to a page which uses the blocked image:
https://www.thecasuallounge.se/aff/aff+cmpd+srs?utm_source=se_cmpd_srs&clickId=&utm_medium

(only on desktop, different image is shown on mobile).
any ideas or hints where to look or how to mitigate would be great!
thanks

leon.rosenberg · March 18, 2021, 9:46am

Small update, we copied the same image under different name and it works so the example page works now. However the original image is still not accessable.

sandro · March 18, 2021, 9:47am

Did you check the firewall event logs of these sites? It should say why it was blocked.

leon.rosenberg · March 18, 2021, 9:50am

Thanks for the hint, didn’t know where to search for it. It says:
Rule ID
100038A
Filter Exclude
Rule message
Information Disclosure - File Extension
Rule group Cloudflare Specials

sandro · March 18, 2021, 10:01am

I presume you are on a paid plan, right? This will be WAF then and seemingly a default rule which blocks requests for .old files. You’d need to disable that particular rule in this case.

Are the other domains on a paid plan as well?

sandro · March 18, 2021, 9:52am

It’s on page 10 of “Cloudflare Specials”

leon.rosenberg · March 18, 2021, 9:55am

Yes. It is funny, that it works on the business plan and not on personal plan. I will rename the file, it doesn’t need to be named “.old”, an odd name for an image anyway. Thank you for the hints!

sandro · March 18, 2021, 9:58am

Yes, if renaming is an option I’d rather go for that. Otherwise disable the rule.

Though on the Business plan it should equally be blocked if WAF is enabled and you didn’t change the setting.

leon.rosenberg · March 18, 2021, 10:02am

I checked the business plan and the rule is enabled there, but the image is still served. Maybe on business the WAF actually looks into the content?

sandro · March 18, 2021, 10:05am

Shouldn’t be the case. If it is enabled and WAF is enabled too (did you check?) it should actually get blocked. If not you might almost want to open a support ticket for support to check out what’s not working

leon.rosenberg · March 18, 2021, 10:08am

You are right as always. The rule was enabled, but I didn’t check that WAF was disabled.
Now the image is blocked in .ch as well.
Thank you very much for the support!

AppleSlayer · March 18, 2021, 1:37pm

This post was flagged by the community and is temporarily hidden.

system · March 21, 2021, 1:37pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.