What is the domain name?
Have you searched for an answer?
Please share your search results url:
Describe the issue you are having:
At first I found that my domain was hijacked (access jumped to other phishing sites), so I checked if the server was attacked, but there was no trace of any attack. Secondly, I suspected whether Cloudflare access to the source server was hijacked, but it was not the reason. After I opened Under Attack Mode and set the firewall rules (all blocked), but the User-Agent carrying Windows will still automatically 301 jump to the phishing site, not carrying can return the results normally.
Then I set up a firewall and blocked all requests, but the problem still persists, and it didn’t log any requests that contains Windows User-Agent.
What error message or number are you receiving?
When I turned on firewall in Cloudflare:
- UA didn’t contain Windows: 1020 error
- UA contain Windows (No log in firewall): 301 redirect to harmful URL
What steps have you taken to resolve the issue?
At first I thought that Cloudflare was being hijacked when requesting the source server, so I changed the SSL/TLS encryption mode to Full (strict), but the issue still exists
Then I turned on Under Attack Mode, and requests without a Windows User-Agent displayed authentication normally
Then I set my Cloudflare firewall rules to deny all requests, but the issue still exists
Was the site working with SSL prior to adding it to Cloudflare?
Yes, used cert by Let’s Encrypt.
What are the steps to reproduce the error:
- Check my vultr server stats (is it being attacked? No)
- Set SSL/TLS encryption mode to Full (strict)
- Set Cloudflare Firewall: Deny ALL
- Go to Liberate the Hostname
The issue still exists.
Have you tried from another browser and/or incognito mode?
Yes, I tried by curl and Chrome in my macOS computer and Windows Server.
Please attach a screenshot of the error: