This website is using a security service to protect itself from online attacks

Please Help - I get these types of messages like "This website is using a security service to protect itself from online attacks."

I have created the rule for the same. but previously that was not happening. Generally, I get this type of message when I access the backed. then I simply allow my IP address. the issue is resolved. but now I can’t do it. I think the new update has been made for security on Cloudflare. Now the thing is how to fix this issue. when I disable this rule. I’m able to access my site.

I want the rule will be the same as it was before. but how to access my backend.


I am sorry to hear you are seeing an error 1020.
May I ask if this error you got when visiting your own website or someone else’s?

May I ask you to post a screenshot of this Firewall Rule? (kindly mask/hide your IP) when sharing)

May I ask what is the position and where is that Firewall Rule located?

Is this the 1st rule from above on the Firewall Rule list in your Cloudflare dashboard → Firewall → Firewall Rules?

Does it mean even if you disable the rule which allows only your IP, it does not work and you still cannot access the site (you see the 1020 access deniad page)?
May I ask how much time did you waited after you disabled this Firewall Rule? (usually needs few minutes to apply the changes)

If so, kindly navigate to Audit Log and check what has changed for this particular Firewall Rule.

Maybe you changed if IP does not equal o equal or the action from block to allow or vice-versa.

Maybe related to the recent issue here if the Firewall Rules does not apply:

Regarding Cloudflare 1020 error, may I suggest you to try looking into below articles to troubleshoot the issue:

1 Like

For security reasons I just removed the screenshot.No, there is no issue with the website. it’s working fine. but not able to access my backend. I can access my backend if I disable the rule. I don’t know how to hide or mask the IP.

the position of the rule is the third. i don’t wait once I add the IP address and it works instantly.

I have two suggestions:

  1. Take a look at the Firewall Events Activity Log and look for the block entry. Click on it and inspect all the data. It should be clear why your request does not match the exception in your rule. It could be that you accessed it with IPv6 (or something else).

  2. Don’t use a firewall Rule to block back end access. Use “Access” instead. (see below)

If you posted the Firewall Rule (it’s ok to black out IP addresses) and what you’re trying to do with it, we might be able to help you fine tune it.


but I’m not sure about it how it was working before?

I’m afraid it’s impossible to answer that.

if i remove the fire rule then i think its easier for hackers to hack the website

Thanks for your reply. the issue has been resolved automatically

1 Like

There are multiple ways around that, including…

  • Using Full (Strict)
  • Having an active SSL certificate
  • Having an origin certificate
  • Having SSL/TLS security setting set to “High”
  • Using rate-limiting (Note: This feature has to be paid for if too many requests are “rate-limited”! The first 10,000 requests across your website are free, then $0.05 for every 10,000 requests after! Please also note that the limit resets every new billing cycle)!

To learn more about site protection features, please visit!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.