Specific IP Blocked or Honeypot

I am new to Cloudflare. We have been running for a couple months, and mostly everything is going well. I am on a Pro plan subscription.

I found, for some reason, I cannot access the website from a specific IP address. When at home on comcast using ipv6, when I try to load the site, I might get a page or two to load, but eventually the browser sends a request and waits indefinitely for a response. No timeout, just sitting and spinning. Half the time, I can open a new session and try, and it immediately goes into perpetual hold. After getting past the shock thinking the site was offline, and realizing it was only me that couldn’t load it, I started troubleshooting.

If I VPN into my office (different outgoing IP is different) it works fine.

If I bypass Cloudflare in my DNS and go directly to the server, it works fine.

If I access from other computers in other places, it works fine.

If I try to access the site directly from home like normal, it might work for a few pages, but soon (sometimes immediately) a request will stall out, and from that point forward I really can access the site anymore. I have to VPN to the office, then all is good. When I disconnect from VPN I might be able to load a page or three, but eventually (and in short order) it just gets stuck again.

Everything I see indicates to me something in Cloudflare thinks I am nefarious and is blocking me. I look in the “Analytics & Logs” > “Traffic” area and enter my IP in a filter by “Source IP” and I can see my requests for traffic. I just looked right now for the data in the last 30 min and it shows:

When I look under “Security” > “Events” and filter “IP” to my address nothing shows. Event Summary: 0, No Data.

Since the request never times out (from what I have seen) I don’t have a “Cloudflare Ray ID” and I can’t find anything to help me track down what is going on with my page load request. It looks almost like I am being stuck in a honeypot or security trap of some sort.

This is very scary, because if it is blocking me, it could be blocking a client and if I get a support call with that being the case, I have no way to track it down and fix it.

How do I find what is happening?

If you don’t get a page load, then it’s a connectivity issue, not a block. Cloudflare will always produce a page if you are blocked by a site’s rule or security setting or (eventually) the origin times out.

There’s been no more reports for a few days, but may be this…

Thanks @sjr

I know the origin servers are responding because the site works elsewhere, or from home on comcast with ipv6 if I point my home network directly at the origin server and not Cloudflare.

So, any connectivity issue must be between my home network and Cloudflare. As I mentioned in my original post, I can see my requests hitting cloudflare from “Analytics & Logs” but I don’t get a response, and I don’t see any of that traffic in the “Security” area.

I will start a request and let it sit overnight to see what happens… but how else do I troubleshoot this? I see the post you mention about Comcast and Cloudflare in the Philly Area. I am in Arizona, so the other side of the country.

Crossing my figures and hoping someone at Cloudflare or comcast sort out a network routing issue is not an acceptable solution. Do you know if there is a network team or some group this can be reported to that will actually try to look into it? Am I missing anything on the Cloudflare side for debugging?

Response left overnight was still spinning this morning. Connecting to the vpn and the page loaded right up. I loaded a few pages over vpn. then disconnected. My IPV6 has changed slightly, so I go to the site, and i was able to load all pages great. I made about 55 requests all working before one stalled. Now closing all browsers and trying to go to the site homepage, it is stalled out. No response.

I ran tracert before (while it was working) and now (as it is stalled) and am sharing this info in a support incident with Cloudflare.

I seem pecuilure to me all is good till I hit the site with some advanced admin screen loads for a few requests before I am again experiencing a “connectivity issue” where I can no longer load the site. It certainly feels l more like an erroneous security block or honeypot than a connection issue.

It won’t be.

Try my sites here, they will tell you your Cloudflare IP reputation score (zero is good) and if your IP is listed on Project Honeypot. The second one will work if my settings on the first one block you and it’s also a very small page size so hopefully should load for you.

1 Like

Both links load no issue. Threat score says “0”.
It looks good.

So that all looks good, but I can’t load https://makemynewspaper.com/ right now only from this connection. I ran a tracert and it seems fine too. How else can i track down where it is losing connection?

I take that back. I am loading everything fine now.

I will hit my site admin pages again till it goes into a blocked state, then try your links again.

I am posting an update to this saga.

No other users have reported issues accessing the website. This issue appeared to be isolated to my home network, and only after doing some heavy operations in our site admin (loading lots of customers, or orders, or other data).

I could come in fresh, do things till I hit some limit somewhere and then all requests made from that point forward would be sent (I would make a request) but I would never get a response. It was very strange. The browser wouldn’t time out, or return anything. It simply sat spinning, unresponsive, waiting.

The requests were showing up in the cloudflare traffic logs, but not in the security section where we could get a RayID.

I was debugging using the tools and information provided by @sjr (THANK YOU!) in this thread. At no point did the tools show anything wrong with my connection or access to Cloudflare.
I noticed an improvement in being able to access things longer than usual around Wednesday last week. By Friday I was able to do most everything without being blocked or having to VPN.

This week I have been fully operational with no issue. I am unable to reproduce the issue, and everything is working fine.

This is scary because I have no idea what was happening or who was blocking me. I believe it was a connection issue to Cloudflare and being done at a level before I hit my specific services (WAF, rules, etc…) but it resolved before I could track down where specifically I was being captured.