Will cloudflare block some AWS ip?

yikuiliu · July 10, 2023, 3:54am

I am trying connect to a cloudflare IP from a AWS server by sending a https request.
It always timeout.
But from other servers, like digitalocean and hetzner, as well as from local, the request works well.
I checked AWS security settings, it seems nothing block the request.
So, does cloudflare block some AWS ips or I missed something??

Many thanks

cscharff · July 10, 2023, 4:02am

host name?

yikuiliu · July 10, 2023, 4:19am

with IP 103.21.244.6 (cloudflare) directly. my IP 50.112.68.149

cscharff · July 10, 2023, 4:23am

Those are IPs, not hostnames… what error are you receiving. Cloudflare isn’t blocking a connection to origins. If there’s a specific error/ origin error you should debug it based on the error received.

yikuiliu · July 10, 2023, 4:40am

Thanks.

hostname: arb1. arbitrum.io

I am using Https (js) to send out a request.
I changed the “lookup” function so that the DNS can directly give the specific cloudflare IP (103.21.244.6, for a faster speed).
This code works well on local but fails on AWS server.
It simply gives:
problem with request connect ETIMEDOUT 103.21.244.6:443

cscharff · July 10, 2023, 5:32am

Testing locally that host name is redirected to the root domain.

curl -Ikv https://arb1.arbitrum.io/
*   Trying 104.22.65.211:443...
* Connected to arb1.arbitrum.io (104.22.65.211) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=arbitrum.io
*  start date: Apr 30 00:00:00 2023 GMT
*  expire date: Apr 29 23:59:59 2024 GMT
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: HEAD]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: arb1.arbitrum.io]
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x13b80da00)
> HEAD / HTTP/2
> Host: arb1.arbitrum.io
> user-agent: curl/7.88.1
> accept: */*
>
< HTTP/2 301
HTTP/2 301
< date: Mon, 10 Jul 2023 05:30:49 GMT
date: Mon, 10 Jul 2023 05:30:49 GMT
< location: https://arbitrum.io
location: https://arbitrum.io

yikuiliu · July 10, 2023, 7:12am

Thanks,
This 104.22.65.211:443 works well, but I want to direct to 103.21.244.6.
This is done by change the lookup function

cscharff · July 10, 2023, 2:19pm

But you appear to have selected an IP address Cloudflare owns which isn’t even listening on port 443. Use one of the IP addresses assigned to the domain in question if you feel you must hard code it.

system · July 25, 2023, 2:19pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.