pki-validation error
Hi
Just after enabling proxy mode on Cloudflare, I can see many requests from a Cloudflare IP with the path /.well-known/pki-validation/name.txt.
What are these requests? Currently I am blocking them.
Do I need to allow these requests?
But an SSL certificate is already issued for my domain.
Why is Cloudflare trying to issue a certificate?
Ok.
But I am facing this issue with only some specific hosts.
Not every host. And I have a firewall rule to allow only certain IPs for all the hosts.
My problem is that in this environment I am only allowed to send traffic from some specific IPs.
Is it necessary to whitelist this IP, or should I just leave this request as it is, getting blocked? Will this create any issue?
Where can I find this path?
"/.well-known/pki-validation"
On the DNS manager?
Ya Leo, I have created an IP list.
And I have created a firewall rule as:
If hostname = "legit-hostname" and IP is not in "IP Allow List", then block the request.
So this Cloudflare Certificate IP is getting blocked.
Ok Leo
Thank you so much.
Just 1 thing I have in my mind.
Although I have an SSL certificate created for my domain, why does Cloudflare also create a certificate?
Ok.
So once this certificate creation is done,
I can remove this rule: 'and not http.request.uri.path contains "/.well-known/pki-validation/" and not http.request.uri.path contains "/.well-known/acme-challenge/"'
Ok.
Thanks Leo. You are very helpful.
I tried adding you as a friend but I was unable to do so.
Still, thanks a lot.
Hi Leo
I faced one issue with a legit request as it was getting blocked.
The rule which is blocking it is -
XSS, HTML Injection - Base Tag
What does this rule actually mean? Do you have any idea?
Ok.
But why does this rule get triggered?
Haha... I think the <base> tag is not advisable to pass in the HTTP body.