How to determine this is 403 blocked from Cloudflare (WAF/any firewall) or from Origin server?
How to determined this is 403 blocked from Cloudflare (WAF/any firewall) or from Origin server?
I want to know this blocked event from client-side to handle it. Did we have solid reponse header or some feature to enable it?
6 Replies
If cf-cache-status exists, it's from origin
The Cloudflare block pages are also very obviously cloudflare, ex: https://cloudflare.com/cdn-cgi/error/1006
I want to check it via my client like iOS, Android application. So that html pages might be change over time cause CSS/redesign.
Are you sure that
cf-cache-status that will always hit from origin?
I can't find any official document about it. cf-cache-statuscf-cache-status existing means the response came from the origin (cached or not), idk if I'd use it for automatic detection though, your app just shouldn't be blocked by your firewall in general
https://developers.cloudflare.com/cache/concepts/cache-responses/
Yep, my app shouldn't blocked by my firewall. I want to reduce any false positive block events.
Thank you so much. I will try with
cf-cache-status first. 🙏The alternative option, if you have control over your origin and it does respond with 403, is to check for a special header from it (or content type and then parse it)
for example: if it's a 403 with non-json/non-parsable, assume Cloudflare, otherwise parse and show error from backend
if you have an API, you should carve out exceptions using Custom Rules though, don't block with Security Level, Bot Fight Mode (if you have it enabled, etc)
That interesting..
I greatly appreciate your assistance; you've been incredibly helpful and provided valuable insights.