Unbranded Cloudflare 403 errors intermittently

ssl

#1

Hi there

I’ve been getting unbranded 403 Cloudflare errors on my site for the past few weeks, for a few minutes at a time, throughout the day.

I think the problem is that Cloudflare is unable to connect to my origin server securely, so it gives a 403 error.

At first it was because my server had AutoSSL renewing a Let’s Encrypt certificate, and AutoSSL failing because it needs an http redirect but I have a Cloudflare rule that redirects all http traffic to https, and then the origin cert failed and thus Cloudflare couldn’t connect to origin.

I have now bought a dedicated cloudflare edge certificate and disabled the universal ssl. I have also generated a cloudflare origin certificate, installed that on my website, and disabled Let’s Encrypt and AutoSSL.

Despite the SSL settings being ostensibly correct, I still sometimes get the 403 error when trying to access my site. The odd thing is that after maybe 15 minutes the problem goes away and might not come back for a day, sometimes the problem lasts for hours.

I’ve exchanged dozens of messages about this with my hosting provider, but because the problems are so intermittent, it’s hard for them to reproduce, and diagnose.

My Cloudflare settings:
SSL: Full
Edge certificate: Dedicated
Origin certificate: Installed on cPanel
Always use HTTPS: Off
Authenticated origin pulls: Off
Min TLS version: 1.0
TLS 1.3: Enabled
Universal SSL: disabled

Both domain and www.domain go through cloudflare

Minify all off.
Railgun off
Brotli off
Rocket loader off

Reproducing the issue is difficult, as there are no settings that I have changed between the site working and not working.


#2

Hmm, by unbranded you mean a generic 403 error without any Cloudflare styling? Are you sure this is coming from Cloudflare and not your server? I believe Cloudflare issues 403 only when there is a hard block in place, otherwise it is likely to originate from your server.

The first thing I’d do is verify where it actually originates from, by checking the server’s log files when there is a 403. If it shows one, it came from your server; otherwise it should be Cloudflare.


#3

Yes, by unbranded I mean the grey background and big 403 in the middle of the screen. It’s not something the origin server generates, and traceroute ends at cloudflare IP.

My hosting provider says that when they were able to reproduce the issue, they saw 404 errors on the server.

What makes this weird is that if I F5 refresh the site later, it might load just fine, and I am able to interact with the site so it’s not the browser cache I’m seeing. But in a few minutes I will see the 403 error again.


#4

A traceroute will always end at Cloudflare.

Based on that message I would not think it is Cloudflare but rather your server. Check it with the logs as mentioned before.


#5

I just received a reply from my hosting provider:

“We have also checked the error logs and we could not find any error for the time range that you mentioned.
We are further looking into it and will get back to you with updates.”

There is obviously some issue with Cloudflare accessing the origin server. It’s still odd that I don’t even get an “always online” version of the site, but a straight 403 block. The server doesn’t even log the Cloudflare attempt to access the site.

Could there be any reason my hosting would be blocking cloudflare for some reason, accidentally/automatically, rate limiting, something?

Will update when I get more info.


#6

Again, I don’t believe this is coming from Cloudflare.

Can you post your URL?


#7

Are you using LiteSpeed as a webserver? That seems to be LiteSpeed styling.


#8

I think the server is Apache, the url is lomaespanjassa.net.


#9

Do you have any way to reproduce the error? It seems you don’t have direct access to the log file, do you? If you don’t and you can’t reproduce it, it will be difficult for the community to debug this.

What you could do is access your server directly, bypassing Cloudflare, once it shows up.

But once again, I am pretty convinced that error does not come from Cloudflare.


#10

If you can reproduce the error, use Firefox or Chrome’s “Dev Tools” feature to open up a connection window. You’ll be able to inspect the headers to get more information on this.

One piece of information would be cf-ray, which is a type of serial number for that connection. You could try opening a Support ticket explaining the situation and sending them the cf-ray number.

@sandro, headers indicate it is indeed LiteSpeed.

Come to think of it, if @sandro is correct, then it would imply it is coming from the origin server. This would mean the hosting provider isn’t checking the correct logs.
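The checks suggested in #9 and #10 (fetch the site with Cloudflare bypassed and compare, and read the cf-ray header so it can be quoted to Support) as an added Python example; this is not code from the thread or from Cloudflare. The header dumps, the Ray ID value and the LiteSpeed error body are constructed samples, and the `--resolve` mention refers to curl's real option for pinning a hostname to an origin IP.

```python
"""Triage an intermittent 403 seen through Cloudflare: edge-generated or origin-generated?

Added example. The HTTP dumps below are constructed, not captures from the thread.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Response:
    status: int
    headers: Dict[str, str]  # header names lower-cased
    body: str = ""


def parse_http_dump(dump: str) -> Response:
    """Parse a raw 'curl -i'-style dump (or DevTools 'copy response headers' + body)."""
    head, _, body = dump.partition("\n\n")
    lines = head.splitlines()
    status = int(lines[0].split()[1])  # "HTTP/1.1 403 Forbidden" -> 403
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Response(status, headers, body)


def cf_ray(resp: Response) -> Optional[str]:
    """The cf-ray value is the per-request id to quote in a Cloudflare support ticket."""
    return resp.headers.get("cf-ray")


def classify(proxied: Response, direct: Optional[Response] = None) -> str:
    """Decide where an error page came from.

    proxied: the response as seen through Cloudflare.
    direct:  the same URL fetched with Cloudflare bypassed (for example with
             curl --resolve host:443:ORIGIN_IP), if one was captured during the outage.
    Returns 'origin', 'cloudflare' or 'unknown'.
    """
    if cf_ray(proxied) is None:
        # Every response that passes through Cloudflare's proxy carries cf-ray;
        # without it the request never reached Cloudflare's edge at all.
        return "origin"
    if direct is not None:
        # If bypassing Cloudflare reproduces the same status, the origin (or something in
        # front of it, such as the host's DDoS/rate-limit protection) is responsible.
        return "origin" if direct.status == proxied.status else "cloudflare"
    # No direct capture: fall back to the body. Cloudflare's own error pages carry its
    # branding and echo the Ray ID; a LiteSpeed/Apache default page does not.
    body = proxied.body.lower()
    if "cloudflare" in body and "ray id" in body:
        return "cloudflare"
    return "unknown"


def triage(proxied_dump: str, direct_dump: Optional[str] = None) -> dict:
    proxied = parse_http_dump(proxied_dump)
    direct = parse_http_dump(direct_dump) if direct_dump else None
    return {"status": proxied.status, "cf_ray": cf_ray(proxied), "source": classify(proxied, direct)}


# Constructed sample: an origin-generated 403 as seen through Cloudflare. Cloudflare
# rewrites the Server header to "cloudflare", so Server alone does not say who built the page.
PROXIED_403 = """HTTP/1.1 403 Forbidden
server: cloudflare
cf-ray: 0123456789abcdef-HEL
content-type: text/html

<html><body><h1>403 Forbidden</h1><p>Access to this resource on the server is denied!</p></body></html>"""

# Constructed sample: the same URL fetched directly from the origin, bypassing Cloudflare.
DIRECT_403 = """HTTP/1.1 403 Forbidden
server: LiteSpeed
content-type: text/html

<html><body><h1>403 Forbidden</h1><p>Access to this resource on the server is denied!</p></body></html>"""

# Constructed sample: the origin answering normally while Cloudflare still shows an error.
DIRECT_200 = """HTTP/1.1 200 OK
server: LiteSpeed
content-type: text/html

<html><body>site</body></html>"""

if __name__ == "__main__":
    print(triage(PROXIED_403, DIRECT_403))
    print(triage(PROXIED_403, DIRECT_200))
    print(triage(PROXIED_403))
```

When the direct fetch is available the decision is unambiguous; without it the body heuristic only recognises Cloudflare's own branded pages, which is exactly the case this thread lacks, so the result stays "unknown" and the server log (post #2) remains the deciding evidence.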


#11

Thanks to all for your help.

The hosting provider has been reanalyzing the logs and it seems that our office had tripped their DDoS protection because we had multiple computers connecting to the site over HTTPS. Normally HTTPS would group connections from a single browser to one, but with several computers behind one IP, the system flagged it as suspicious and temporarily blocked our office IP.

That’s why it was so hard to reproduce the error just by changing any settings. The server DDoS settings have been modified to prevent this from happening and we haven’t had these errors since last Friday.
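Post #2 asks for the 403 to be looked up in the origin's access log, and #11 traces the cause to request volume from one shared office IP tripping the host's DDoS protection. The following added Python example (not from the thread or the hosting provider) does both over constructed combined-format log lines: it lists 403 responses and counts requests per client IP per 60-second window so that a shared NAT address stands out. The IP addresses, timestamps and the threshold of 5 are constructed.

```python
"""Find 403s in an access log and spot client IPs whose request rate would trip a
per-IP threshold. Added example; the log lines and threshold below are constructed."""
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

# Apache/LiteSpeed "combined" format: ip ident user [ts] "request" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "request": m["req"], "status": int(m["status"])}


def forbidden_entries(lines: List[str]) -> List[dict]:
    """Every logged response with status 403, i.e. a 403 the origin itself produced."""
    parsed = (parse_line(l) for l in lines)
    return [e for e in parsed if e and e["status"] == 403]


def requests_per_window(lines: List[str], window_s: int = 60) -> Dict[Tuple[str, int], int]:
    """Count requests per (client IP, window start as epoch seconds)."""
    counts: Counter = Counter()
    for line in lines:
        e = parse_line(line)
        if e:
            window_start = int(e["ts"].timestamp() // window_s) * window_s
            counts[(e["ip"], window_start)] += 1
    return dict(counts)


def flag_noisy_ips(lines: List[str], threshold: int, window_s: int = 60) -> Set[str]:
    """IPs that exceed `threshold` requests in any single window: the candidates a
    per-IP rate limit or DDoS filter would block, including a whole office behind NAT."""
    return {ip for (ip, _), n in requests_per_window(lines, window_s).items() if n > threshold}


# Constructed sample: several machines in one office share 203.0.113.10; one other visitor.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2020:09:15:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2020:09:15:02 +0000] "GET /style.css HTTP/1.1" 200 880 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2020:09:15:02 +0000] "GET /app.js HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2020:09:15:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2020:09:15:04 +0000] "GET /style.css HTTP/1.1" 200 880 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2020:09:15:05 +0000] "GET /app.js HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2020:09:15:07 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2020:09:15:09 +0000] "GET / HTTP/1.1" 403 1250 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for e in forbidden_entries(lines):
        print(e["ts"].isoformat(), e["ip"], e["request"], e["status"])
    print("over threshold:", flag_noisy_ips(lines, threshold=5))
```

One caveat when reading an origin log behind Cloudflare: unless the server restores the visitor address from the CF-Connecting-IP header, the logged client IP is one of Cloudflare's own and every visitor collapses onto a few addresses, which makes a naive per-IP threshold fire on Cloudflare rather than on the real source.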


#12

This topic was automatically closed after 14 days. New replies are no longer allowed.