WAF Blocking Calls from Cloudflare Workers
Hello,
I have an API which is available on Cloudflare through https://api.modrinth.com. This API is protected by Cloudflare. I have a Cloudflare Pages website which calls this API via SSR. Right now, cloudflare seems to be blocking requests from my workers when it sends too many concurrently. How can I fix it?
Thanks!
9 Replies
Hi, Is it a free account? What status code are you seeing for the API? Did you check if you have configured any rate limit rules for APIs in general? You can also see more info in the Logs & Analytics section for blocked requests
This is an enterprise account
startup enterprise specifically
It's hard to tell since the pages function logs aren't working. But basically if I spam the pages site (https://beta.modrinth.com) it starts returning 500 errors
this doesn't happen on vercel (which we are migrating from) because on vercel we make it bypass cloudflare by using the direct IP on SSR- for some reason this doesn't work on cloudflare- i think because it's https?)
we don't have any rate limit for the api, but it is behind waf with a medium security level set
the api itself has a ratelimit, but the frontend is configured to bypass it
Can you see the error code the api is returning? It should be a 520 or 403 for a waf block, I believe, a SSL error would be different
I can't now since pages logs are broken for me 😦
I get a 403 forbidden when trying to access a direct http url from the pages, but the URL it tries fetching works just fine from the browser
does pages block http requests?
figured somehting out, made a seperate private subdomain which disables waf, security level, etc