"You have been blocked" on multiple cloudflare-protected sites - how avoid?

I’m an end-user browsing multiple websites and usually I never have issues with cloudflare CDN blocking my browsing. Starting today, several HTTP post requests to multiple websites using cloudflare for security have resulted in “Sorry, you have been blocked” messages.

While I can “browse” the websites I cannot post updates to support tickets, post message in a forum board etc.

At first I thought, OK maybe I am being IP blocked. Let me turn on my surfshark VPN chrome extension and try from a different IP. Nope, cloudflare again blocked my request. Once again, I am a legitimate user. I got no capcha or human challenge to overcome the blocking.

At least 2 different websites have blocked me, I have used multiple IPs from different providers and still can’t work.

IPs:

  • My datacenter IP to my private server (this is my default home internet gateway for privacy reasons), it is static in nature. IPv6 + IPv4. Initial block happened here.
  • Cellphone hotspot IP address. Used this as secondary, got block a second time.
  • Surfshark VPN via chrome extension. This was my third attempt, got blocked also.

Cloudflare Ray ID: 63dd8394bbb411a1 • Your IP: 172.58.12.223 (this is a CGNAT IP I don’t care to share publicly)
Cloudflare Ray ID: 63dd5b1b79d13721 • Your IP: 158.51.xx.xx (my home static IPv4)
Cloudflare Ray ID: 63dd929098adef1a • Your IP: 87.101.93.182 (Surfshark)
Cloudflare Ray ID: 63dd93810f87128b • Your IP: 91.206.168.51 (Surfshark - argentina location)

The error message is always to “contact site owner” well this is occuring in different websites owned by multiple parties. There seems to be some kind of AI or algorithm seeing my traffic patterns and tracking me via web browser cookies?

Regardless the core of my question is how can I escalate to cloudflare to get back working again?
Either request that a human challenge be displayed before block OR please whitelist my static IPv4 + IPv6 address from my home endpoint possible?

Unfortunately, Cloudflare can not override the security settings of their customers.

Are you on good terms with any of the site owners? They should be able to check their firewall log to see what triggered the block.

Are you on good terms with any of the site owners? They should be able to check their firewall log to see what triggered the block.

Could you help clarify what you mean by firewall?

My understanding is that Cloudflare CDN is the frontend handling and verifying traffic to be legitimate before allowing traffic to be sent to the true original endpoint or server - when you say firewall, are you asking about cloudflare CDN logs or the backend server that was meant to handle the POST request?

This was not a single website by a single owner, I think my feedback here is that a cloudflare algorithm may have marked my traffic as a ‘bot’ - I shared the Ray IDs any chance to get someone to verify this?

I’m making the assumption that my traffic is flagged as a bot since multiple properties all hitting cloudflare IPs result in the same block regardless of owner. So it feels like the root cause is the algorithm implemented at Cloudflare itself - not the site owners. What would they do? they have no control over automatic ‘bot’ traffic detection patterns cloudflare implements.

You’d have to share the Ray IDs with the website owner. Then they can check the Cloudflare firewall event log in their Cloudflare dashboard to see which of their settings triggered the block.

If that were the case, you would not have access to this very forum. The site owners have chosen to use an increased security setting, but you’ll have to check with them to see which one it is.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.