Subdomains inaccessible with Cloudflare proxy active on primary domain

When we proxy our primary domain the website becomes practically inaccessible. We get constant downtime reports from updown io. When I turned off proxying (DNS-only for www and primary domain) and purged the cache, the site became accessible and much faster almost immediately.

Wondering what’s going on. Are there some settings I’m missing?

Greetings,

Thank you for asking.

May I ask what error you get, if any?
What kind of web app or CMS are you running at your origin host, for example WordPress with some plugins?

Before moving to Cloudflare, was your website working over an HTTPS connection?
If so, did you have a valid SSL certificate installed at your origin host / server which covers both your naked (root) domain and any other needed sub-domain like www, mail, etc.?

May I ask which SSL option you have selected under the SSL/TLS tab in the Cloudflare dashboard for your domain (Flexible, Full, Full Strict …)?

Are you running some kind of a firewall?
Furthermore, kindly re-check that Cloudflare is allowed to connect to your origin host, as described in the article below:

Nevertheless, Cloudflare IP addresses list can be found here:

Are those checks pinging the IP address, or rather testing the connection via HTTP(S)?
It might be that their requests are somehow challenged or blocked due to the Bot Fight Mode or Browser Integrity Check features being enabled at Cloudflare.
Navigate to the CF dashboard → Security → Overview to check for any entries, if they exist, and find out which service or rule blocked it and more information about it.
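An added example, not part of the reply above and not Cloudflare's own tooling: one way to run the "is Cloudflare allowed to connect to the origin" check from the origin side is to scan the firewall's drop log for source addresses that fall inside Cloudflare's published ranges. The `FW-DROP` log prefix, the log layout and every sample address are constructed for illustration, and the hard-coded ranges are only a subset of the published list; load the current list from Cloudflare's IP page in real use.

```python
import ipaddress
import re
from collections import Counter

# Assumption: a subset of Cloudflare's published IPv4 ranges, hard-coded so the
# example runs offline. Refresh from the official list before relying on it.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]

# Constructed sample: iptables-style log lines from a hypothetical origin host.
SAMPLE_LOG = """\
Mar  3 10:01:12 web1 kernel: FW-DROP IN=eth0 SRC=162.158.88.14 DST=203.0.113.10 PROTO=TCP DPT=443
Mar  3 10:01:13 web1 kernel: FW-DROP IN=eth0 SRC=198.51.100.77 DST=203.0.113.10 PROTO=TCP DPT=22
Mar  3 10:01:15 web1 kernel: FW-DROP IN=eth0 SRC=172.68.141.9 DST=203.0.113.10 PROTO=TCP DPT=443
Mar  3 10:01:15 web1 kernel: FW-DROP IN=eth0 SRC=162.158.88.14 DST=203.0.113.10 PROTO=TCP DPT=443
Mar  3 10:01:19 web1 kernel: FW-ACCEPT IN=eth0 SRC=104.23.5.1 DST=203.0.113.10 PROTO=TCP DPT=443
Mar  3 10:01:20 web1 kernel: FW-DROP IN=eth0 SRC=not-an-ip DST=203.0.113.10 PROTO=TCP DPT=443
"""

# Hypothetical log prefix "FW-DROP"; captures source address and destination port.
DROP_RE = re.compile(r"FW-DROP .*?\bSRC=(\S+) .*?\bDPT=(\d+)")

def is_cloudflare(addr, ranges=CLOUDFLARE_RANGES):
    """True if addr parses as an IP and lies inside one of the given ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # malformed field in the log: treat as not Cloudflare
        return False
    return any(ip.version == net.version and ip in net for net in ranges)

def dropped_cloudflare_sources(log_text, web_ports=(80, 443)):
    """Count dropped connections to web ports whose source is a Cloudflare edge."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if m and int(m.group(2)) in web_ports and is_cloudflare(m.group(1)):
            hits[m.group(1)] += 1
    return dict(hits)

if __name__ == "__main__":
    for src, count in sorted(dropped_cloudflare_sources(SAMPLE_LOG).items()):
        print(f"{src}: {count} dropped connection(s) from a Cloudflare edge")
```

Any non-empty result means the origin firewall is rejecting proxied traffic, so those ranges need an allow rule ahead of the drop rule.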

Hello,

Thanks for your response!

We weren’t getting errors, just that the site was taking over 30s to load, which gets flagged as downtime. We were seeing the issue ourselves when we visited, not just through reporting.

Here’s an example of the reports:

  • It’s a WordPress site using a custom theme that we developed.
  • It had/has HTTPS prior to pointing nameservers to Cloudflare, with SSL certificates purchased on our hosting account (MediaTemple).
  • Our www is directing to the non-www version of the HTTPS domain.
  • We have SSL certificates (Let’s Encrypt) applied to all subdomains as well.
  • The Cloudflare SSL/TLS tab is set to Full.

We do not have any firewall plugins in WordPress. IP address banning and WAF are turned off on our server’s Plesk. There are a few (10) Browser Integrity Check blocks in Cloudflare Security, but they are all related to the gnowit bot, not anything tied to updown.

Let me know if you have any other questions.
Thanks!
