Speed test returns 403 while curl shows 200

Website, Application, Performance
1

What is the name of the domain?

What is the error number?

403 error

What is the error message?

403 error

What is the issue you’re encountering

When checking Cloudflare speed test on all our pages we get status code 403

What steps have you taken to resolve the issue?

Followed this tutorial, especially point 6 and 7: Community Tip - Fixing "The Speed test could not run"

When testing curl we always get 200 status code, e.g. here: https://reqbin.com/curl or here https://tools.keycdn.com/curl
Also we added Known Bots to WAF rules.

What are the steps to reproduce the issue?

Check any page of the website with the Cloudflare speed web test. It always returns a 403 forbidden.

2

Are you able to see a security event right after you run the speed test?
You should be able to see what you have implemented that is blocking this, if it is Cloudflare.

You should also see a rayID in dev tools when getting the 403, you can then search this in security events and adjust the rule if it is Cloudflare blocking:

3

Hi @dmartin1 , thanks a lot for the hint. I looked up now the events after running another test. I found this:

Cloudflare-Web-Performance-Security
Cloudflare-Web-Performance-Security1920×911 72.5 KB

It was caused by the Bot-Fight-Mode. When disabling the Bot-Fight-Mode (but keeping all WAF rules active) the Speed test works. I think this is not as intended.

Any clue how Speed Test will work with Bot Fight enabled?

Thanks

4

Hello,

You can configure a skip rule (Custom WAF rule) for the specific IP Address to bypass Bot Fight Mode.

Kindly review this link : Configure a custom rule with the Skip action · Cloudflare Web Application Firewall (WAF) docs

Thank you

5

Hi @harshinik ,

we can certainly do this. Will the IP-Adresses from Cloudflare always be static, from where the speed tests are performed? If yes, we can allowlist them. The 1st WAF rule on top is already allowlisting Cloudflare Bot but this did not help as long the Bot fight mode is enabled.

Cloudflare-Firewall-Rule
Cloudflare-Firewall-Rule1920×911 58 KB

Thanks

6

This topic was automatically closed after 15 days. New replies are no longer allowed.