Unreachable CF ips from Algerian isps

Application Performance DNS & Network
1

What is the name of the domain?

What is the error message?

ERR_CONNECTION_TIMED_OUT

What is the issue you’re encountering

Some sites behind CF are currently unreachable from Algeria. The following ips are unreachable 104.21.16.1 - 104.21.96.1 - 104.21.32.1 - 104.21.48.1 - 104.21.112.1 - 104.21.80.1 - 104.21.64.1 This list is non exhaustive and there could be more ips affected by the issue. The issue first appeared on June 12th and is still ongoing.

What steps have you taken to resolve the issue?

Disabling CF proxy resolves the issue. So there seems to be an issue between CF and Algerian isps. Which side is causing it, that I don’t know!

What feature, service or problem is this related to?

I don’t know

What are the steps to reproduce the issue?

Example of unreachable ip:

ping 104.21.48.1
PING 104.21.48.1 (104.21.48.1) 56(84) bytes of data.
^C
— 104.21.48.1 ping statistics —
17 packets transmitted, 0 received, 100% packet loss, time 16407ms

2

What ISP / provider, preferably their AS number?

The AS number can be found here:

Can you share the output of “tcptraceroute 104.21.48.1 443”?

1 Like
4

ISP: Telecom Algeria
ASN: AS36947

tcptraceroute output:


Tracing the path to 104.21.48.1 on TCP port 443 (https), 30 hops max
 1  192.168.1.1  0.443 ms  0.453 ms  0.459 ms
 2  192.168.100.1  0.962 ms  0.784 ms  0.948 ms
 3  105.98.0.1  3.118 ms  2.897 ms  4.105 ms
 4  10.104.16.1  3.855 ms  3.368 ms  3.332 ms
 5  * * *
 6  10.16.16.16  10.885 ms  5.307 ms  4.155 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
Destination not reached
1 Like
5

If you try with surrounding IP addresses, such as e.g. “104.21.48.2”, does that make a difference?

2 Likes
6

It works just fine:


Tracing the path to 104.21.48.2 on TCP port 443 (https), 30 hops max
 1  192.168.1.1  0.457 ms  0.377 ms  0.422 ms
 2  192.168.100.1  1.070 ms  0.835 ms  0.798 ms
 3  105.98.0.1  3.282 ms  3.135 ms  3.115 ms
 4  10.104.16.13  3.539 ms  3.523 ms  3.457 ms
 5  * * *
 6  10.16.16.16  4.398 ms  4.293 ms  4.046 ms
 7  172.28.16.2  4.243 ms  3.995 ms  4.156 ms
 8  * * *
 9  be3355.ccr31.mad05.atlas.cogentco.com (154.54.57.229)  31.302 ms  30.353 ms  29.852 ms
10  te0-8-1-12.ccr31.mad05.atlas.cogentco.com (149.6.150.13)  36.585 ms  37.301 ms  54.667 ms
11  188.114.108.61  36.855 ms  37.165 ms  36.837 ms
12  * * *
13  104.21.48.2 [open]  37.954 ms  37.293 ms  37.676 ms
2 Likes
7

You seem to be collateral damage to:

You will need to contact Telecom Algeria for further remediation.

Thanks for confirming this!

Surrounding IP addresses that works, but individual ones that doesn’t, that will imply that Telecom Algeria is restricting access to one (or more) Cloudflare IP addresses.

2 Likes
8

What is the name of the domain?

What is the error number?

Dns

What is the error message?

Time is over

What is the issue you’re encountering

I can’t access to my wey

What steps have you taken to resolve the issue?

Subject:

Hello,

My website (a7la-home.com) becomes completely inaccessible for users in Algeria when Cloudflare is enabled (orange cloud in DNS settings). However, once I disable Cloudflare (gray cloud), the website loads perfectly from the same networks and devices.

Here’s a summary of the issue:

  • Hosting is in Amsterdam (direct server IP works fine)
  • The issue only occurs when traffic goes through Cloudflare
  • Users from multiple ISPs in Algeria experience “timeout” errors in all browsers
  • The website works properly from other countries or when using VPN
  • Tools like GeoPeeker can access the site successfully, but real users in Algeria cannot
  • I performed a traceroute and noticed multiple timeouts when Cloudflare is active
  • Ping and curl show normal response when Cloudflare is disabled

I believe the issue might be related to the Cloudflare edge server serving Algeria or a routing issue between your CDN and ISPs in Algeria, possibly during the national internet filtering period around exam dates.

Please investigate this issue or suggest a workaround. Let me know if you need any debug information.

Best regards,
IP address for reference: 154.121.115.223

What feature, service or problem is this related to?

DNS not responding/updating

What are the steps to reproduce the issue?

In the message

9

I’ve read about the issue it seems that ### Algérie Télécom has blocked some cloudflare IPs contact them to resolve the issue for the meantime you may disable cloudflare proxying which will use your default server IP instead (Assuming your default IP is not a cloudflare IP this should resolve the issue)

1 Like
10

Well that’s unfortunate. Thank you so much for helping me debug the situation!

2 Likes
11

I manage multiple websites on Cloudflare, and I’ve discovered it’s not all Cloudflare IPs that are blocked. It’s specific IP ranges:

  • :cross_mark: 104.21.x.x range = Completely blocked in Algeria
  • :white_check_mark: 172.67.x.x range = Working perfectly
  • :white_check_mark: 104.16.x.x range = Working perfectly

For example:

  • tartinado.com (104.21.64.1) = Blocked
  • colivraison.express (172.67.221.169) = Works fine

SSL Certificate Issue

I tried disabling Cloudflare proxying as you suggested, and yes, it resolves the connectivity issue. However, this creates a major SSL problem:

The issue: Cloudflare’s Universal SSL certificates only work when proxying is enabled (orange cloud). When you disable proxying (gray cloud), browsers get SSL errors.

Temporary Workaround

I implemented a temporary fix:

  1. Disabled Cloudflare proxying (gray cloud)
  2. Generated Let’s Encrypt SSL certificates on my server
  3. Changed Cloudflare SSL/TLS settings to accommodate this
  4. Sites are now accessible from Algeria with valid SSL

Why This Isn’t Ideal

This workaround works but has drawbacks:

  • :cross_mark: Lose Cloudflare’s DDoS protection
  • :cross_mark: Lose Cloudflare’s CDN benefits
  • :cross_mark: Lose Cloudflare’s caching
  • :cross_mark: Expose origin server IP
  • :cross_mark: Need to manage SSL renewals manually

Root Cause

The blocking appears to be related to Algeria’s internet filtering during Baccalaureate exams (June 12-19, 2025). The exams ended, but the IP range blocks persist across all Algerian ISPs (Algérie Télécom, Mobilis, Djezzy, Ooredoo).

Has anyone else experienced similar selective IP range blocking with Cloudflare in other regions?

12

Same here, CF 104.21.x.x since 12 June.
Not sure why CF isn’t investing the problem :thinking:, if those ip are blocklisted by a country, it must be for a reason, and why CF is allowing blocklisted ip on their servers?

13

Cloudflare has answered this question before.

14

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.