The first click of the page is blank after implementation of allowing Cloudflare's IPs

Enter #CommunityTip & the error message you’re seeing to find Community Tips with advice and insight.

Search before you post. Please search for any existing topics relating to your subject before posting.

Recently, our web site implement Cloudflare’s IP for our web site only in order to stop Likely Automated bots. However, we found out that many pages are blank when we click the first time, and then we need to re-click 2-3 times. The page is returned to normal.

Please advise us if we have something missing in setup and kindly refer to the following:

http://yourdomain.com/cdn-cgi/trace
fl=445f100
h=www.buyoyo.com
ip=202.130.86.162
ts=1642139755.793
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
colo=LAX
http=http/3
loc=HK
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off

Our setup are as follows:

I.SSL/TLS
-Your SSL/TLS encryption mode is Full (strict)
-SSL/TLS Recommender - On
-Always Use HTTPS - On
-Minimum TLS Version - TLS 1.0(default)
-Opportunistic Encryption - On
-TLS 1.3- ON
-Automatic HTTPS Rewrites - On
-Certificate Transparency Monitoring - On

Origin Server

-Authenticated Origin Pulls - On

For Firewall setting is as follows:

-Security Level - High
-Action -Challenge

  • Page Shield - Enable Page Shield

The “On” setting items are as follows:
-Privacy Pass Support-On
-Enable Application Firewall - On

  • Cloudflare Managed Ruleset (ALL)
  • Package: OWASP ModSecurity Core Rule Set(ALL)
    (Sensitivity->High, Action->Changllenge)

Bots

Configure Super Bot Fight Mode

-Definitely automated -allow
-Verified bots - allow
-Static resource protection - disable
-JavaScript Detections - disable

Setting

-Security Level - High
-Challenge Passage - 1 week
-Brower Integrity Check - Enable
-Privacy Pass Support - Enable

Speed

-Polish - Lossy
-Auto Minify - JavaScript, CSS, HTML enable
-Brotli - Enable
-Optimized Delivery , Early Hints - Disable
-Enhanced HTTP/2 Prioritzation - enable
-TCP Tubo - Enable
-Mirage - Enable
-Rocket Loader -Disable(Cannot add items to shipping cart by the mobile users if we enable this feature)
-Automatic Signed Exchange (SXGs)-Disable
-AMP Real URL -Enable
-Mobile Redirect - Disable

Caching

-Argo Tiered Cache - enable
-Caching Leve - Standard
-Browser Cache TTL - 6 months
-Crawler Hints - Enable
-Always Online-Enable
-Development Mode-Disable

For the Network "ON"setting are as follows:

-HTTP/2-On
-HTTP/3 (with QUIC)-On
-0-RTT Connection Resumption-On
-IPv6 Compatibility-Disable
-gRPC-Disable

-WebSockets-Disable

-Onion Routing - Disable (The mobile user cannot visit the web site if we enable this feature)**
-Pseudo IPv4- OFF**
-IP Geolocation - Disable**
-Maximum Upload Size-100MB

Thanks for your help!

Regards,
David Ho
http://www.buyoyo.com

Greetings,

Thank you for sharing feedback informations about your website and features you have got enabled and/or disabled at Cloudflare four your domain name.

I can reproduce this at my end:

I see some CORS errors Cross-Origin Request Blocked shown at the Developer Console of my Web browser.
And some sha512 errors related to JS resources.
An style/rating.css file returns 404 not found.
Some Uncaught TypeError: RHSlots is null too.

May I ask does it work normally when you temporary enable the “Pause Cloudflare for this site” option from the Cloudflare Dashboard?

1 Like

Thanks for your Help!

Sorry for not enable “Pause Cloudflare on site” as we are using Cloudflare’s SSL certificate and we would receive many Likely Automated bots attack

Can we enable “Development Mode” for this case?

May I ask if you are using Cloudflare Origin CA Certificate or?

Yes, or this → at least to disable Cloudflare cache + Purge Everything (manually), but if it would continue to happen, then it is the origin host/server to troubleshoot about the issue?

1.Your SSL/TSL encryption mode is Full (strict)
Ans.: We use Advanced certificates and pay US$5 monthly) (which supersede legacy [Dedicated Certificates]. I have no idea for Origin CA Certificate

2.Development Mode - turn off
It is better

Thank you for feedback information.

I still experience the same “white screen”.

We do not know if some of our origin HTML are not standard format or not.

Now, we go to Web Analytics \Manage Site and

Disable automatic setup
Install JS Snippet

It seems better. Please advise us if we need to stop some services on Cloudflare so that we can eliminate these white pages 100%.

As we know, it worked before and we do not if we open some services for making these errors.

We would be appreciated if anyone can provide some suggestions.

Thanks a lot !

Also, we found out that the web site generate huge of 304 Not Modified.

We do not know if we need to disable some features in order to avoid the blank page.

Thanks for your help!!!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.