Can’t Scan due to Cloudflare

  • Resolved misho2007

    (@misho2007)


    1 year, 7 months ago

    Hi,

    i’ve installed WF Plugin over a year now, no changes made in my website or in cloudflare recently & all was perfect, suddenly i can’t do scan but when i pause cloudflare it works, i added WAF rule on cloudflare to allow WF IPs & addedd IP Access Rules but still same problem, i don’t know what i should do again.

    plz check below screenshots & log:

    LOG:

    HTTP/1.1 403 Forbidden
Date: Thu, 13 Apr 2023 13:50:07 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yA07wqrbAz9ojZUd3cdmVaneWkQsNjPClEa%2BUR%2BhET2DeAAJgaV8yXYaxuF1oI0vqYtWANztzFSX%2BYHq3SwYb3Xc82Jx59QhDLB2pCuJ1ZNfzaY6bt9uZ6%2Fe8gboV8am"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=7776000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 7b742d22eb4cca50-HAM
Content-Encoding: gzip

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.56 (Debian) Server at iamalive.store Port 80</address>
</body></html>

    THx in advance

    The page I need help with: [log in to see the link]

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Support wfjanet

    (@wfjanet)

    Hi @misho2007,

    Thank you for reaching out to us.

    Whitelisting Wordfence IPs is a good place to start.

    A 403 error with Cloudflare is usually related to an access error with your site connecting back to itself. You should be able to do this by going to your Cloudflare control panel.

    • Login to Cloudflare
    • Go to “Firewall”
    • Click the “Firewall Rules” tab
    • Click “Create a Firewall rule”
    • Name the rule under “Rule Name”
    • Set the “Field” under “When incoming requests match…” to “IP Address”
    • Enter your site’s IP address under “Value”
    • At the bottom, under “Then…Choose an action” change “Block” to “Allow”
    • Click “Deploy

    Your site’s IP can be found at Wordfence > Tools > Diagnostics > Connectivity > IP(s) used by this server. Once you have added your site to the Cloudflare Whitelist, please try running another scan and let me know how it goes.

    Thanks,

    Janet

    Thread Starter misho2007

    (@misho2007)

    @wfjanet

    THx for your reply but i think you didn’t check my screenshots as i already did this rules on cloudflare as attached

    Plugin Support wfjanet

    (@wfjanet)

    Hi@misho2007,

    I did check the screenshots. You have whitelisted Wordfence IPs, which is great.

    From my response above, please follow the same steps for your site’s IP address. See step 7 below:

    • Login to Cloudflare
    • Go to “Firewall”
    • Click the “Firewall Rules” tab
    • Click “Create a Firewall rule”
    • Name the rule under “Rule Name”
    • Set the “Field” under “When incoming requests match…” to “IP Address”
    • Enter your site’s IP address under “Value”
    • At the bottom, under “Then…Choose an action” change “Block” to “Allow”
    • Click “Deploy

    Your site’s IP can be found at?Wordfence > Tools > Diagnostics > Connectivity > IP(s) used by this server.

    Thanks,

    Janet

    Thread Starter misho2007

    (@misho2007)

    Hi @wfjanet

    yes i already did this step before but didn’t solve it, i did it again now

    Thread Starter misho2007

    (@misho2007)

    @wfjanet

    i also need to share this screenshot from cloudflare Events as you can see the rule working fine & should skip the IP but i don’t know why it’s still blocking it

    Plugin Support wfjanet

    (@wfjanet)

    Hi @misho2007,

    It looks like you created a custom skip rule. Which are primarily used to skip one or more security features of the firewall. See the article below:

    https://developers.cloudflare.com/waf/custom-rules/skip/ 

    Can you please delete the rules above and create firewall rules following the instructions on this article?

    https://developers.cloudflare.com/firewall/cf-dashboard/create-edit-delete-rules/ 

    You will need to add all Wordfence IPs and your server’s IP address.

    Let  me know how it goes.

    Thanks,

    Janet

    Thread Starter misho2007

    (@misho2007)

    THx @wfjanet for your reply,

    my rules are set properly as i tested it & it’s already passing the traffic to the server,

    but finally i know where is the problem,

    i found that my server IP listed in the .htaccess as a deny rule,

    actually i don’t know how the IP goes there as i never open that file, but now after i removed it every thing works as expected,

    THx again for your help ?

    Plugin Support wfjanet

    (@wfjanet)

    You’re welcome, @misho2007.

    I’m glad you were able to resolve the issue. Thank you for sharing the fix.

    I’ll keep this fix in mind.

    Thanks,
    Janet

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Can’t Scan due to Cloudflare’ is closed to new replies.