Some users receiving 403

It has been a number of days now that some of my users are receiving error 403 access denied, and this page stays stuck in their browser until they clear the browser cache. This rate has increased in the past few days, and we are wondering what is causing this.

What is the website?

igihe dot com

I get challenged on entry to the site when using a browser or command line check. Have you set WAF rules to challenge or block a lot of sources? Or have you enabled “Under attack mode”?
https://cf.sjr.org.uk/tools/check?b9ec8772e93148aab835ba3aec6f0ec5#connection-server

I haven’t enabled under attack mode, but we do challenge certain traffic sources, yes. But the ones that are currently being blocked with 403 are sources from non-restricted areas, and none of our rules include returning a forbidden error. This is purely from Cloudflare, and we can’t seem to figure out where this rule is emanating from.

If users are getting a block message from Cloudflare, there should be a ray ID on the page. Look that up in your security events log here…
https://dash.cloudflare.com/?to=/:account/security/events
…and that will tell you why they were blocked.

Is there a way to filter events by returned error codes? My custom error page, that I am being shared by my visitors when they get blocked, might not include the ray ID.

All security events will return 403 anyway, so that won’t help. Perhaps just add the ray ID to your custom error page.

What is the HTML code for displaying a ray ID?

<!--#echo var="REDIRECT_STATUS" -->

What is the equivalent for ray ID?

Use ::RAY_ID::

Okay, I have updated the 403.shtml page and now I wait for the next issue to capture the ray_id.

I have added ::RAY_ID:: to my custom error page and instead of returning the ray ID, it is displaying ::RAY_ID:: on the HTML page instead.

When you say “custom error page”, are you using a Cloudflare custom error page, or just a custom error page on your own site?

::RAY_ID:: is for the former…

If you are using the latter, then the header to extract is cf-ray

…but in that case the 403 page is coming from your origin server, not the Cloudflare edge so any block there is down to your origin and won’t show in Cloudflare.

I am using an error page on my own site and this is the code in the 403.shtml file. But there isn’t any ray ID:
image

That error is from your origin server. Can you try in incognito mode and/or clear browser cache? Site loads fine for me.

Actually, clearing the browser cache somehow fixes the issue for most users, but I do not understand why the error page gets stuck in the user's browser cache. Shouldn’t this clear away after some minutes at least?

Your 404 page may say 404 in the text, but you are returning a 200 (success) code with it, not 404. So any browser (or caching mechanism like Cloudflare) thinks this is a valid page.

Check you are not doing the same with a 403 error code.

The returned error is 403.shtml and the server is returning this for the URL index.php, but then this stays in the user's browser for as long as they haven’t cleared their cache.

As mentioned, the name of the page, and the text on the page, don’t mean you are returning a 403 HTTP code. You need to verify that you are returning a 403 code when your 403 page is called by the error handler.

I can’t generate a 403 on your site (unless you can give me a link to a page that will do it), but the 403.shtml page when requested directly returns 200 (although that may not be what happens for a true 403 error).

As I said above, if you are returning a 200 code for your 403 page, then it will not be treated as an error and will be cached as if it was a normal page.
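The two points from the replies above (read the ray ID from the cf-ray request header at the origin, and make sure the 403 page really carries a 403 status) shown together as an added example; it is not code from the thread or from Cloudflare. The WSGI handler stands in for the site's own error handler, the names `error_page`, `call` and `audit` are hypothetical, and the `Cache-Control: no-store` header is an extra hardening assumption.

```python
import html
import re

ERROR_TEXT = re.compile(r"\b(403|forbidden|access denied)\b", re.I)

def error_page(environ, start_response, broken=False):
    """Origin-side 403 handler (WSGI). broken=True reproduces the soft-200 bug."""
    # Cloudflare passes the ray ID to the origin in the cf-ray request header,
    # which WSGI/CGI exposes as HTTP_CF_RAY. Escape it: it is request input.
    ray = html.escape(environ.get("HTTP_CF_RAY", "unknown"))
    body = f"<h1>403 Forbidden</h1><p>Ray ID: {ray}</p>".encode()
    headers = [("Content-Type", "text/html; charset=utf-8")]
    if broken:
        status = "200 OK"  # error text served as a normal, cacheable page
    else:
        status = "403 Forbidden"
        # Assumption (not from the thread): forbid storing the error response.
        headers.append(("Cache-Control", "no-store"))
    start_response(status, headers)
    return [body]

def call(app, ray_id, **kw):
    """Invoke a WSGI app in-process and return (status_code, headers, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"] = int(status.split()[0])
        seen["headers"] = {k.lower(): v for k, v in headers}
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/index.php",
               "HTTP_CF_RAY": ray_id}
    chunks = app(environ, start_response, **kw)
    return seen["status"], seen["headers"], b"".join(chunks).decode()

def audit(status, headers, body):
    """Return findings that explain an error page sticking in caches."""
    findings = []
    if status < 400 and ERROR_TEXT.search(body):
        findings.append("error text served with success status")
    if status >= 400 and "no-store" not in headers.get("cache-control", ""):
        findings.append("error response has no Cache-Control: no-store")
    return findings

if __name__ == "__main__":
    ray = "0000000000000000-XXX"  # constructed sample value, not a real ray ID
    for broken in (True, False):
        print("broken" if broken else "fixed", audit(*call(error_page, ray, broken=broken)))
```
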
