We received several support request that our service (CF worker) is not accessible. Once client switches to LTE everything works properly.
One client is getting ERR_CONNECTION_RESET error in his Chrome console, another one is getting ERR_SSL_PROTOCOL_ERROR. First one is from Maryland, United States and using Xfinity provider. THe second one is also from the US but not sure about his exact location and provider.
We never had such issues with our worker before. We have custom domain added to the worker, SSL certificate is provided by Cloudflare as well. Also app is used by thousands of customers with no issues, so looks like some local issue related to particular location/provider. Is there any way to fix that problem?
ERR_CONNECTION_RESET means your customer can’t connect to the address at all and ERR_SSL_PROTOCOL_ERROR means the browser failed to establish a secured connection to the website.
Both of these might be symptoms of their connection being DNS hijacked and on the 1st error it does not resolve anywhere, but on the second it resolves to somewhere that does not match the original URL.
This type of DNS redirection is often used by companies to prevent workers from reaching unwanted websites or by ISP operators to filter unwanted content for instance.
In any case if this is what’s happening, there’s nothing Cloudflare can do to avoid it. At most, you can advise your customers to install WARP or contact the specific ISP to inquire why your website is being blocked.
Hey, thank you for explanation! Could it be something related to domain name itself? I.e. changing the domain name or adding alternative domain to the worker could help in that situation?
Strange enough that we’ve received the list of visitors who were unable to access our service, and mostly they are using Comcast or Xfinitiy, but they are even in different states: VA, TN, PA. While other customers from VA are ok (different provider)
According to @mcorreia response, that was some DNS redirection/blocking by ISP.
After further investigation we found out that *.workers.dev domain is working perfectly for the same customers, but our custom domain - not. Does that mean that our domain was just banned by Comcast in certain regions (sounds really weird as we only have one small app on that domain). Or there could be some DNS issues on our end?
Our domain is on Cloudflare as well and we don’t have any other records except on pointing the domain to the worker (root domain). Probably I need to add some other records? Probably having one single record (I see it as Worker, but I guess it’s CNAME record) looks suspicious for ISP?
I can’t find anything wrong – it’s resolving correctly everywhere I look, including the Comcast/Xfinify nameservers. And it works (returns an “Ok”) from inside Comcast’s network on the US east coast. I don’t see you on any blacklists or anything like that.
So the problem may be more localized than that. Perhaps the clients’ internal networks?