--- title: Support description: Below you will find links to the relevant sections for support-focused material. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Support Below you will find links to the relevant sections for support-focused material. * [ Contacting Cloudflare Support ](https://developers.cloudflare.com/support/contacting-cloudflare-support/) * [ Third-Party Software ](https://developers.cloudflare.com/support/third-party-software/) * [ Troubleshooting ](https://developers.cloudflare.com/support/troubleshooting/) * [ Cloudflare Status ](https://developers.cloudflare.com/support/cloudflare-status/) * [ Disruptive Maintenance ](https://developers.cloudflare.com/support/disruptive-maintenance/) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}}]} ``` --- --- title: Contacting Cloudflare Support description: Learn how to contact Cloudflare Support via community, chat, or phone. Get help with issues, verify identity, and understand SLAs for different plans. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Contacting Cloudflare Support ## Guidelines for contacting Cloudflare support Cloudflare Support _cannot_ perform the following actions: * Make configuration or account changes on a customer’s behalf * Provide sensitive account info over the phone * Troubleshoot or debug customer's code and its logic * Troubleshoot or answer questions about domains not associated with the Cloudflare account email address used to contact support Warning **Do not share** any sensitive information, such as passwords, credit card numbers, private keys, or API keys with Cloudflare Support. Before notifying Cloudflare of an issue with your site, refer to the [Cloudflare Status Page ↗](https://www.cloudflarestatus.com/). If reporting issues with your site, ensure to provide adequate details in the support case _(refer to [Getting help with an issue](#getting-help-with-an-issue) for more information)_. --- ## Methods of contacting Cloudflare support As a Cloudflare customer, you can contact Cloudflare for support via the community portal or by opening a support case, live chat, or phone. Support options can vary depending on your plan. | Enterprise | Business | Pro | Free | | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | --- | ----------- | ----------- | | [Community ↗](https://community.cloudflare.com/)Join the community to ask basic troubleshooting questions and to view the latest resources (such as tips for resolving common issues and configuration guidance). | Yes | Yes | Recommended | Recommended | | [Discord ↗](https://discord.cloudflare.com/)Join the Discord community to ask basic troubleshooting questions (mainly focused on the Developer Platform). | Yes | Yes | Recommended | Recommended | | [Support case](#getting-help-with-an-issue)Use to troubleshoot specific issues or errors. Response times depend on your plan. | Yes | Yes | Yes | No\* | | **Chat**Use to troubleshoot specific issues or errors. Response times depend on your plan. | Yes | Yes | No | No | | **Emergency Phone** Use phone support to reach out during emergencies such as site outages or DDoS attacks. | Yes | No | No | No | --- Note Customers on Free plans are encouraged to utilize our Cloudflare Community and will only receive standard case support for billing, account, and registrar issues. ## Verifying your identity on phone calls _(For Enterprise Emergency Phone Support)_ For account security, you must verify your identity and account ownership in the Cloudflare dashboard before discussing account settings and sensitive details with Cloudflare Support. There are two verification options: * a single-use token that automatically refreshes every thirty (30) seconds, or * an [authenticator app token](https://developers.cloudflare.com/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication) on your mobile device. ### Authenticating your account 1. In the Cloudflare dashboard, go to the **Support** page and select the account you are calling about. [ Go to Support ](https://dash.cloudflare.com/?to=/:account/support) 1. Click on the **Technical Support** tile and then the **Emergency Phone Line** tile. 2. To authenticate using a single-use token, click on the **Get a single-use token** button. A pop-up window will appear with your Unique Customer Id and One Time Passcode. The code automatically refreshes every 30 seconds. ![](https://developers.cloudflare.com/_astro/Emergency_Phone_Support.IYDzAqH8_Z57Dpr.webp) 1. To authenticate using an authenticator app, click **Configure authenticator app** and follow the [configuration instructions](https://developers.cloudflare.com/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication) on the following screen. After configuration, the token code will appear in your mobile authentication application. 2. When calling the emergency phone line, you can authenticate automatically by entering your ID and Code when requested. --- ## Getting help with an issue To submit a support case, follow these steps: 1. In the Cloudflare dashboard, go to the **Support** page and select the account you require assistance for. [ Go to Support ](https://dash.cloudflare.com/?to=/:account/support) 1. Click on the **Technical Support** tile, or for billing issues click **Billing** and then click **Create a Case** at the bottom of the following screen. 2. Choose the category and subcategories that best define your issue. 3. Choose the affected domains (if applicable). 4. Enter a detailed summary of the issue you’re experiencing. 5. Complete the case submission fields as completely as possible with the following information. _(**Please note** that missing information will increase the time it takes to resolve your issue and our team may not be able to investigate without enough information. Please review [Gathering information for troubleshooting sites](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/) and make sure you include all needed information.)_\- A detailed description of the issue with the following information: * Timestamp (UTC) * ZoneName/ZoneID * Problem frequency * Steps to reproduce the issue, with actual results vs expected results - Any necessary information for a technical investigation * A description of the actual results vs expected results * Steps to reproduce the issue, with example URLs * Exact error messages * [HAR files](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#generate-a-har-file) * Screenshots * Relevant logs from the origin web server * Output from [test tools](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/) such as MTR, traceroute, dig/nslookup, and cURL - Priority level, impact to service / production - Any collaborators whom you wish to be cc'd on the case 6. Click **Submit Case** \*\* Available to certain plan types only. Refer to chart above for details. ### Accepted file formats in cases and chats You can only upload the following file types in a case or a chat: _Image_ * png, jpg, gif, ico, tiff _Video_ * mp4, avi, webm _Text_ * har, txt, csv, eml, css, html, json, tf _Packet Capture_ * pcap, pcapng, cap Cloudflare Support only accepts the Cloudflare One Client diagnostics as compressed files. Please do not upload ZIP or RAR files when sharing [HAR files](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#generate-a-har-file), and please do not share compressed documents like DOCX, XLSX, or PPTX. The maximum file size is **20 MB**. If you need to share a larger file, please provide a link to the file using Google Drive or a similar sharing platform of your choice. When sending Cloudflare Support packet captures, please do the following: 1. Filter for relevant traffic. Use a display filter and then save [export specified packets ↗](https://www.wireshark.org/docs/wsug%5Fhtml%5Fchunked/ChIOExportSection.html) to reduce the file size. 2. Include the name of the device and interface/tunnel in the file name. 3. Describe what each packet capture shows. ### View open support cases 1. In the Cloudflare dashboard, go to the **Support** page. [ Go to Support ](https://dash.cloudflare.com/?to=/:account/support) 1. Click on **Get help** 2. Select the account you require assistance for 3. Click on the **Technical Support** tile followed by **View My Cases**. 4. You will be redirected to the portal where you can see your own cases and cases you are CC'd on. ### Add participants to open support tickets 1. In the Cloudflare dashboard, go to the **Support** page and select the account you require assistance for. [ Go to Support ](https://dash.cloudflare.com/?to=/:account/support) 1. Click on the **Technical Support** tile followed by **View My Cases**. 2. You will be redirected to the portal where you can see your own cases and cases you are CC'd on. 3. Select the case you want to add participants to. 4. Enter their email in the `Case Participants` box in the top right and click **Add**. --- ## Live chat support Available for Business and Enterprise plans only. Use **live chat** for quick questions that do not require deep technical investigation: 1. In the Cloudflare dashboard, go to the **Support** page and select the account you require assistance for. [ Go to Support ](https://dash.cloudflare.com/?to=/:account/support) 1. Select **Technical Support** tile > **Chat with an agent**. * **Business plans**: Complete the support form and select **Start Live Chat**. The widget will open automatically, pre-filled with your details. * **Enterprise plans**: The chat widget will open immediately. Enter a brief description of your problem to begin. 2. Wait for an agent to join the conversation. Response times may vary based on current chat volume. --- ## Service Level Agreements and Objectives ### How we prioritize your issue Cloudflare support responds to every case received in the following priority order: * Premium Enterprise * Standard Enterprise * Business * Pro * Free Cloudflare Support strives to respond to our customers as quickly as possible. Urgent issues (site down, under attack) are prioritized for the quickest response possible. Please explicitly specify the priority level and impact to your production service when reaching out to Cloudflare support. Below are definitions of the priority levels Cloudflare assigns to cases and the associated Service Level Agreement (SLA) or Service Level Objective (SLO). Whenever possible, responses are provided quicker than the noted SLAs. ### Priority definitions * P1 Urgent- Critical Business Impact: Severe disruption to your business operations. This issue requires immediate and ongoing attention from both Cloudflare as well as yourself as it directly affects revenue, users, or business continuity. * _Example_: Your websites, applications, or services are completely unavailable or severely impaired across multiple regions or ISPs. * _Example_: A confirmed, active security attack is causing major disruptions, such as denial of service, data breaches, or account compromises. * P2 High - High Business Impact: Significant but localized service or security disruption. While not a full outage, this issue affects business operations and requires urgent resolution. * _Example_: A recurring or persistent issue is affecting a portion of your users, such as degraded performance, intermittent outages, or limited accessibility. * _Example_: A past, confirmed security attack has resulted in measurable impact, requiring investigation and mitigation to prevent recurrence. * P3 Normal - Moderate Business Impact: Limited service impact or suspected security concerns. The issue does not pose an immediate risk but requires attention for continued reliability. * _Example_: Your service is operational, but you are experiencing minor disruptions, such as performance fluctuations, unexpected behavior, or non-critical bugs. * _Example_: A suspected security threat has been detected but is currently mitigated (e.g., an attack that Cloudflare successfully blocked). * P4 Low - Low Business Impact: General inquiries and non-urgent requests. The issue does not impact your service availability or business operations. * _Example_: You are requesting feature enhancements or recommendations for improving security or performance. * _Example_: You have questions about Cloudflare’s products, documentation, or best practices. ### Premium SLA * P1 Urgent- initial response in 1 hour * P2 High - initial response in 2 hours * P3 Normal - initial response in 24 hours * P4 Low - initial response in 24 hours ### Enterprise SLA * P1 Urgent - initial response in 2 hours * P2 High - initial response in 4 hours * P3 Normal - initial response in 48 hours * P4 Low - initial response in 48 hours ### SLOs for other plans * PAYGO and Free customers - No SLAs are offered, but customers are responded to in the order in which their request is received. For a quicker answer, we highly recommend searching or posting on our [Community forums ↗](https://community.cloudflare.com/). ## Supported languages For Enterprise support, Cloudflare provides support in English, but makes a best effort to offer help in the following languages: * Chinese * French * German * Japanese * Portuguese * Spanish ## Supported regions Cloudflare offers worldwide support, which covers: * Asia-Pacific * Europe, Middle East, and Africa * North and South America ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/contacting-cloudflare-support/","name":"Contacting Cloudflare Support"}}]} ``` --- --- title: Cloudflare Status description: Cloudflare provides updates on the status of our services and network at https://www.cloudflarestatus.com/, which you should check if you notice unexpected behavior with Cloudflare. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Cloudflare Status Cloudflare provides updates on the status of our services and network at [https://www.cloudflarestatus.com/ ↗](https://www.cloudflarestatus.com/), which you should check if you notice unexpected behavior with Cloudflare. Beyond looking at the page itself, there are programmatic ways to consume this information. ## Configure notifications Cloudflare offers a dedicated notification called **Incident Alert**, which lets you know when Cloudflare is experiencing an incident. You can configure this notification to send via [email](https://developers.cloudflare.com/notifications/get-started/), [Webhooks](https://developers.cloudflare.com/notifications/get-started/configure-webhooks/), or [PagerDuty](https://developers.cloudflare.com/notifications/get-started/configure-pagerduty/). ## Use the API Cloudflare also provides status information through the [Cloudflare Status API ↗](https://www.cloudflarestatus.com/api). Endpoints are displayed with examples using cURL and our embeded JavaScript widget (if available). ## Related resources * [Available RSS feeds](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) (for the [Cloudflare changelog](https://developers.cloudflare.com/changelog/)) * [API deprecations](https://developers.cloudflare.com/fundamentals/api/reference/deprecations/) * [Planned maintenance windows](https://developers.cloudflare.com/support/disruptive-maintenance/) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/cloudflare-status/","name":"Cloudflare Status"}}]} ``` --- --- title: Disruptive Maintenance description: Planned maintenances will be published on the status page using a calendar that is updated on a daily basis. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Disruptive Maintenance ## Scheduled Maintenance Windows Planned maintenances will be published on the status page using a _calendar_ that is updated on a daily basis. During these maintenance windows, customers may experience a slight increase in latency to the edge location which is under maintenance. Note All dates in the calendar are in UTC Timezone. ### Maintenance Calendar links [Download iCal ↗](https://calendar.google.com/calendar/ical/c%5F83vui762nfm498l9a0ciojbju0%40group.calendar.google.com/public/basic.ics "Download iCal") [Add to Google Calendar ↗](https://calendar.google.com/calendar/u/0?cid=Y184M3Z1aTc2Mm5mbTQ5OGw5YTBjaW9qYmp1MEBncm91cC5jYWxlbmRhci5nb29nbGUuY29t "Add to Google Calendar") ### Notifications Scheduled maintenances can also be sent out via [Cloudflare Notifications](https://developers.cloudflare.com/notifications/). Maintenance Notification **Who is it for?** Customers interested in knowing about planned [Cloudflare maintenance](https://developers.cloudflare.com/support/troubleshooting/disruptive-maintenance/) for specific data centers. The notification lets you know when maintenance has been scheduled, changed, or canceled on an entire point of presence. **Other options / filters** You can filter maintenance notifications for specific points of presence and updates (scheduled, changed, canceled). **Included with** All Cloudflare plans. **What should you do if you receive one?** If the notification is announcing new scheduled maintenance, you may want to add the maintenance to your calendar. During these maintenance windows, you may experience a slight increase in latency to the edge location which is under maintenance. Refer to [Cloudflare Notifications](https://developers.cloudflare.com/notifications/get-started/) for more information on how to set up an alert. ## Unplanned Maintenance Cloudflare operates a redundant [anycast network ↗](https://www.cloudflare.com/en-gb/learning/cdn/glossary/anycast-network/) that is capable of automatically removing locations from our network if they require unplanned maintenance or experience an emergency event. In such cases, traffic will be rerouted automatically to alternative locations. To check for unplanned maintenance, you can confirm at all times if a location was re-routed by verifying if its status is listed as "Re-routed" in our status page [https://www.cloudflarestatus.com ↗](https://www.cloudflarestatus.com). Exceptionally, an incident may be declared for maintenance at a location, in which case updates will be available in our status page at [https://www.cloudflarestatus.com ↗](https://www.cloudflarestatus.com). ## Interconnections at locations under maintenance If you have a [CNI connection](https://developers.cloudflare.com/network-interconnect/) with Cloudflare at a re-routed location, it may become temporarily unavailable during planned or unplanned maintenance, and regular internet routing may be used instead to reach your network. In the Magic family of products, the routing is defined explicitly using [static routes](https://developers.cloudflare.com/cloudflare-wan/configuration/manually/how-to/configure-routes/#create-a-static-route) to send traffic to the specified tunnels, with customer-configured priorities. If you have a CNI tunnel, we strongly recommend that you also add routes to an alternative tunnel, such as a fallback Internet tunnel, to make sure your traffic can be routed at all times. ## Related resources * [Available RSS feeds](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) (for the [Cloudflare changelog](https://developers.cloudflare.com/changelog/)) * [Subscribe to Cloudflare Status](https://developers.cloudflare.com/support/cloudflare-status/) * [API deprecations](https://developers.cloudflare.com/fundamentals/api/reference/deprecations/) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/disruptive-maintenance/","name":"Disruptive Maintenance"}}]} ``` --- --- title: Cloudflare WordPress Plugin Automatic Cache Management description: The Cloudflare WordPress plugin contains a feature called Automatic Cache Management. When a user adds, edits, or deletes a post, page, attachment, or comment - any associated URLs are purged from the Cloudflare cache. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Cloudflare WordPress Plugin Automatic Cache Management ## Overview The Cloudflare WordPress plugin contains a feature called Automatic Cache Management. When a user adds, edits, or deletes a post, page, attachment, or comment - any associated URLs are purged from the Cloudflare cache. When you switch a theme or customise a theme within the WordPress admin panel, the cache will automatically be cleared too. Automatic Cache Management uses native hooks built into WordPress. The Cloudflare WordPress plugin purges the following cache URLs: * deleted\_post * edit\_post * delete\_attachment * autoptimize\_action\_cachepurged (for compatibility with the Autoptimize WordPress plugin) * switch\_theme * customize\_save\_after --- ## Enable Automatic Cache Management To enable Automatic Cache Management after [installing the WordPress plugin](https://developers.cloudflare.com/automatic-platform-optimization/): 1. Log in to your WordPress account. 2. Click **Settings** and choose the Cloudflare plugin. The Cloudflare plugin home page appears. 3. Click **Enable** to the right of the **Automatic Cache** feature. A confirmation dialog appears. 4. Click **I'm sure** in the confirmation dialog to confirm. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/third-party-software/","name":"Third-Party Software"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/third-party-software/content-management-system-cms/","name":"Content Management System (CMS)"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/third-party-software/content-management-system-cms/cloudflare-wordpress-plugin-automatic-cache-management/","name":"Cloudflare WordPress Plugin Automatic Cache Management"}}]} ``` --- --- title: How do I enable HTTP2 Server Push in WordPress description: HTTP/2 Server Push allows a website to push content to a browser, without having to wait for the HTML of one page to render first. In conjunction with the concurrency support built into HTTP/2, Server Push is able to dramatically reduce the amount of requests needed to load your website. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # How do I enable HTTP2 Server Push in WordPress HTTP/2 Server Push allows a website to push content to a browser, without having to wait for the HTML of one page to render first. In conjunction with the concurrency support built into HTTP/2, Server Push is able to dramatically reduce the amount of requests needed to load your website. ![Old URL: https://support.cloudflare.com/hc/en-us/article_attachments/115005733367/http2-server-push-2.png Article IDs: 115002816808 | How do I enable HTTP/2 Server Push in WordPress ](https://developers.cloudflare.com/_astro/hc-import-http2_server_push_2.CwfrU1Mt_66GP7.webp) Cloudflare supports HTTP/2 Server Push and it can be enabled for stylesheets and scripts using Cloudflare’s WordPress plugin. In order to utilise this feature, you must first ensure you have the Cloudflare WordPress plugin [installed and set up on your site](https://developers.cloudflare.com/automatic-platform-optimization/). Once the plugin is installed, you can enable HTTP/2 Server Push by adding the following line to your `wp-config.php` file: ``` define('CLOUDFLARE_HTTP2_SERVER_PUSH_ACTIVE', true); ``` You should insert this line above where it says _"/\* That's all, stop editing! Happy blogging. \*/_", like follows:| ![Old URL: https://support.cloudflare.com/hc/en-us/article_attachments/115005733547/Screen_Shot_2017-02-09_at_16.09.31.png Article IDs: 115002816808 | How do I enable HTTP/2 Server Push in WordPress ](https://developers.cloudflare.com/_astro/hc-import-screen_shot_2017_02_09_at_16_09_31.CgPyEpOq_Tk4OA.webp) You should then start to see requests coming in which are initiated through Server Push, for example, in the Network tab of Chrome Development Tools you should see some assets have "Push" as the initiator: ![Old URL: https://support.cloudflare.com/hc/en-us/article_attachments/115005787688/Screen-Shot-2016-04-26-at-15-08-59.png Article IDs: 115002816808 | How do I enable HTTP/2 Server Push in WordPress ](https://developers.cloudflare.com/_astro/hc-import-screen_shot_2016_04_26_at_15_08_59.CUaoZjsJ_Z2audva.webp) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/third-party-software/","name":"Third-Party Software"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/third-party-software/content-management-system-cms/","name":"Content Management System (CMS)"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/third-party-software/content-management-system-cms/how-do-i-enable-http2-server-push-in-wordpress/","name":"How do I enable HTTP2 Server Push in WordPress"}}]} ``` --- --- title: Improving web security for content management systems like WordPress description: Content Management Systems make it easy to create, update, and manage content. However, they can also introduce vulnerabilities that may lead to server compromise and data theft. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Improving web security for content management systems like WordPress Content Management Systems make it easy to create, update, and manage content. However, they can also introduce vulnerabilities that may lead to server compromise and data theft. There are many Cloudflare features that can be used for preventing such attacks, but they can also disrupt normal administrative processes such as logging in or uploading images. With proper configuration, you can protect your site from attacks without losing important functionality. --- ## Stage One: Improve Site Security In this stage, you are reinforcing the zone’s security features, which may cause additional disruption to admin features until exceptions can be applied. For that reason, it’s recommended to make these changes with expected administrative downtime. The following should be considered an overview of some recommended security actions, and not a comprehensive guide. Refer to the developer documentation for specific products or features for more information. ### Cloudflare Managed Rulesets The [WAF Managed Rulesets](https://developers.cloudflare.com/waf/managed-rules/) are pre-configured rulesets that provide immediate protection against a variety of attacks, and are regularly updated. Many rules are turned on by default, but not all. It is recommended that you browse the Cloudflare Managed Ruleset to find any additional rules tagged for your content management system not enabled, and enable them: ![Dashboard screenshot filtering for WordPress](https://developers.cloudflare.com/_astro/Wordpress-configure-deployment.BlJp-YAR_Z2mTEVy.webp) ### Managed Rulesets on the Free Plan While the feature to customize these managed rulesets required a paid plan, the [Free Cloudflare Managed Ruleset ↗](https://blog.cloudflare.com/waf-for-everyone/#the-free-cloudflare-managed-ruleset) is automatically deployed on any new Cloudflare zone. This ruleset is specially designed to reduce false positives to a minimum across a very broad range of traffic types. As of today, the ruleset contains the following rules: * Log4J rules matching payloads in the URI and HTTP headers; * Shellshock rules; * Rules matching very common WordPress exploits; Additionally, you can configure many aspects of the [OWASP Core Ruleset](https://developers.cloudflare.com/waf/managed-rules/reference/owasp-core-ruleset/), including the anomaly threshold, paranoia level, and individual rules. One good practice is to ensure any rules related to XSS and SQL injection are enabled. --- ## Stage Two: Restore Administrative Functions Using the principle of least privilege, you can run some test actions from the admin panel to audit what is blocked and what is allowed. With this information, you can create precise exceptions. If the behavior doesn’t match your expectations, make sure to check that: 1. The DNS record is proxied 2. You don’t have any Rules that would interfere with the WAF (like a Page Rule that is set to Disable Security) After generating enough requests to have a good sample logged in your Firewall Events, observe the actions that were taken in the Managed rules section: ![](https://developers.cloudflare.com/_astro/Screenshot_2022-12-23_at_16.40.29.CVmDpgm0_Z1g2Yq0.webp) Next, you can use this information to create a Skip Rule that excludes only the rules that prevent administrative actions: ![](https://developers.cloudflare.com/_astro/Screenshot_2022-12-22_at_13.49.18.BqRv97eV_2fg3DX.webp) ### When incoming requests match… It is recommended to make this rule as tightly defined as possible, particularly without the additional protections listed below. While the exact content will be site-specific, some possible fields to use are: * IP Source Address * AS Num * Cookie * User Agent Make sure to apply the rule _only_ to the admin portion of your CMS. With WordPress for example, you can set a condition like '_URI Path contains /wp-admin/_'. Any of these fields can be spoofed, so this is not a security measure on its own. The purpose is to restore administrative functions only to conditions that may need them, while using other tools and features (including strong passwords on your CMS logins!) to secure access. ### Skip specific rules from a Managed Ruleset Next, you want to use the information from your Firewall logs to select which rules to skip by [adding an exception](https://developers.cloudflare.com/waf/custom-rules/skip/). For WordPress, I’ve chosen the following: ![](https://developers.cloudflare.com/_astro/Screenshot_2022-12-23_at_17.08.37.DOHMox3u_Z1RR8gr.webp) After this is complete, you will want to create a similar rule for any rulesets that prevent you from logging in. In my use case, I only needed to skip “OWASP Core Ruleset 949110.” **Note:** You may also want to consider adding a rule to skip the CMS-specific rules you enabled for non-CMS sections of your site if they cause any issues. Just follow the steps above, and set it to skip any of the Cloudflare Managed Ruleset rules that were enabled above. You can set this based on hostname, URI, or cookie, using the operators **does not equal, does not match,** or **does not contain**. Make sure to set your Skip rules to be at a higher priority than the Execute rules. --- ## Stage Three: Restrict Access Now that you’ve elevated your security to protect the publicly accessible parts of your site against attacks and restored necessary administrative capabilities, you can further restrict who can access your admin panel in case of weak or exposed login credentials. ### Zero Trust [Zero Trust ↗](https://www.cloudflare.com/plans/zero-trust-services/) Web Applications is the best way to limit access to your admin panel. You can restrict access based on user instead of device, and it allows for very granular control. Setup of a Self-hosted web application is very easy, for more information refer to the [Self-hosted applications](https://developers.cloudflare.com/cloudflare-one/access-controls/applications/http-apps/self-hosted-public-app/) section of the Zero Trust developer documentation. After configuring a web application, users will be required to authenticate in some way before they can access the restricted content. The default method is through email multifactor authentication: ![](https://developers.cloudflare.com/_astro/Screenshot_2022-12-22_at_14.39.21.Qh93SiQK_Z2l3sX2.webp) ### WAF custom rules with mTLS While designed for authenticating appliances that cannot perform a login, you can use mTLS as another method of multifactor authentication (what you know and what you have) to authenticate based on device certificate. Do the following: 1. [Create a client certificate](https://developers.cloudflare.com/ssl/client-certificates/create-a-client-certificate/) and save both the certificate and key to your device. 2. Import the certificate to your computer’s key storage. With macOS Keychain, you can use the steps listed in [Test in the browser](https://developers.cloudflare.com/cloudflare-one/access-controls/service-credentials/mutual-tls-authentication/#test-in-the-browser). 3. [Enable mTLS](https://developers.cloudflare.com/ssl/client-certificates/enable-mtls/) by adding the correct host. 4. In **SSL/TLS** \> **Client Certificates**, select **Create mTLS Rule**. 5. Under **When incoming requests match**, enter a value for thr **URI Path** field to narrow the rule scope to the admin section, otherwise you will block your visitors from accessing the public content. 6. Set the rule to _Block_ any requests made to your admin panel if the client certificate is not verified. 7. Select **Deploy**. This creates a WAF custom rule that checks all requests to the admin section for a valid client certificate. **Note:** If you have issues getting your certificate to verify, try accessing the page in a private window. If it works, the previous successful TLS state may be cached in your browser. ### Rate Limiting Rate limiting rules can help protect your login page from an attacker trying to guess your account password with a [brute force attack ↗](https://www.cloudflare.com/learning/bots/brute-force-attack/). You can define rate limits for requests matching an expression, as well as the action to perform when those rate limits are reached. Rate Limiting Rules are now available unmetered, on all plans. For more information, refer to the [developer documentation](https://developers.cloudflare.com/waf/rate-limiting-rules/). --- ## Resources * [WAF Managed Rules](https://developers.cloudflare.com/waf/managed-rules/) * [Cloudflare OWASP Core Ruleset](https://developers.cloudflare.com/waf/managed-rules/reference/owasp-core-ruleset/) * [Configure a custom rule with the Skip action](https://developers.cloudflare.com/waf/custom-rules/skip/) * [Zero Trust Services ↗](https://www.cloudflare.com/plans/zero-trust-services/) * [Client certificates](https://developers.cloudflare.com/ssl/client-certificates/) * [Rate limiting rules](https://developers.cloudflare.com/waf/rate-limiting-rules/) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/third-party-software/","name":"Third-Party Software"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/third-party-software/content-management-system-cms/","name":"Content Management System (CMS)"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/third-party-software/content-management-system-cms/improving-web-security-for-content-management-systems-like-wordpress/","name":"Improving web security for content management systems like WordPress"}}]} ``` --- --- title: Speed Up WordPress and Improve Performance description: Cloudflare's CDN services can help cache your content across our giant global network, but performance isn't just about moving static files closer to your visitor. Cloudflare does more than offer a CDN, Cloudflare's optimisation features allow you to enhance the performance of your WordPress site beyond what a traditional CDN can do. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Speed Up WordPress and Improve Performance Cloudflare's CDN services can help cache your content across our giant global network, but performance isn't just about moving static files closer to your visitor. Cloudflare does more than offer a CDN, Cloudflare's optimisation features allow you to enhance the performance of your WordPress site beyond what a traditional CDN can do. ### Caching Anonymous Page Views ![Creating a cache rule for anonymous page views.](https://developers.cloudflare.com/_astro/hc-import-screen_shot_2017_03_09_at_16_54_36_1_.hRrVrFif_ZM7aKC.webp) Cloudflare's "[Bypass Cache on Cookie](https://developers.cloudflare.com/cache/how-to/cache-rules/examples/bypass-cache-on-cookie/)" functionality allows non-logged-in pages to be fully cached by Cloudflare. This means your server can save time and resources by not having to regenerate pages where the HTML is effectively static, whilst not interfering with dynamic behaviour - as soon as a user logs-in to the WordPress dashboard or adds something to their WooCommerce, the Edge cache is bypassed. ### Optimise Images Images can be incredibly costly to page load times; fortunately, Cloudflare can dramatically help improve image load times. You can find these features in the Cloudflare dashboard by going to **Speed** \> **Settings** \> **Image Optimization**. After enabling [**Polish**](https://developers.cloudflare.com/images/polish/), you can dramatically improve image and web page load times by compressing images and stripping metadata. Lossless will strip most metadata (`EXIF` data, for example) but doesn't change the image detail. Lossy will strip most metadata and compresses images by approximately 48 percent. ### Enable HTTP/2 **HTTP/2** allows for a multitude of performance features including multiplexing, header compression. In order to enable HTTP/2 on your WordPress site, ensure that your site is loaded over HTTPS. After **enabling SSL** you must also ensure that users are redirected to the HTTPS version so that it can be loaded over HTTP/2\. You can do this using an _Always use HTTPS_ **Page Rule**: ![Create a page rule to ensure your Wordpress website is correctly loaded over HTTP/2](https://developers.cloudflare.com/_astro/hc-import-screen_shot_2016_09_30_at_15_34_14.DNIz1oVk_1HU8mL.webp) Cloudflare's **WordPress plugin** allows you to push necessary assets to your users using HTTP/2 Server Push, dramatically reducing the amount of roundtrips required to load CSS and JavaScript. Refer to [How do I enable HTTP/2 Server Push in WordPress ↗](https://developers.cloudflare.com/support/third-party-software/content-management-system-cms/how-do-i-enable-http2-server-push-in-wordpress/) for a tutorial on setting it up. ### Minify Assets If you are using Grunt or Gulp as part of a build process, you can implement minification in your builds. Due to HTTP/2 multiplexing requests, we advise against concatenating CSS or JavaScript files together or installing anything on your server which may do this. ### Advanced Performance Tools Enterprise users can utilise [Prefetching URLs From HTML Headers](https://developers.cloudflare.com/speed/optimization/content/prefetch-urls/) and [custom cache keys](https://developers.cloudflare.com/cache/how-to/cache-keys/) to enhance caching. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/third-party-software/","name":"Third-Party Software"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/third-party-software/content-management-system-cms/","name":"Content Management System (CMS)"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/third-party-software/content-management-system-cms/speed-up-wordpress-and-improve-performance/","name":"Speed Up WordPress and Improve Performance"}}]} ``` --- --- title: What settings are applied when I click Optimize Cloudflare for WordPress in Cloudflare's WordPress plugin description: If you are using Cloudflare's WordPress plugin, our "Optimize Cloudflare for WordPress" one-click configuration applies the following settings to your WordPress site: image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # What settings are applied when I click Optimize Cloudflare for WordPress in Cloudflare's WordPress plugin ## Overview If you are using [Cloudflare's WordPress plugin](https://developers.cloudflare.com/automatic-platform-optimization/), our "Optimize Cloudflare for WordPress" one-click configuration applies the following settings to your WordPress site: ![Cloudflare's one-click configuration WordPress plugin.](https://developers.cloudflare.com/_astro/dash-optimize_wordpress._LfAKotB_Z15Do82.webp) | **Setting** | **Value** | | --------------------------- | ---------------------------------- | | Caching level | Standard | | Browser Cache TTL | 4 hours | | Always Online | On | | Development Mode | Disabled | | IPV6 Compatibility | On | | WebSockets | On | | IP Geolocation | On | | Email Address Obfuscation | On | | Hotlink Protection | Off | | Image optimization (Polish) | Off (unless on Pro or higher plan) | | Rocket Loader | Off | ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/third-party-software/","name":"Third-Party Software"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/third-party-software/content-management-system-cms/","name":"Content Management System (CMS)"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/third-party-software/content-management-system-cms/what-settings-are-applied-when-i-click-optimize-cloudflare-for-wordpress-in-cloudflares-wordpress-plugin/","name":"What settings are applied when I click Optimize Cloudflare for WordPress in Cloudflare's WordPress plugin"}}]} ``` --- --- title: WordPress Jetpack and Cloudflare description: Cloudflare and Jetpack for WordPress should require no additional configuration to operate together. However we do have some security features designed to protect your Jetpack installation, read on below to learn more. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # WordPress Jetpack and Cloudflare ## Overview Cloudflare and Jetpack for WordPress should require no additional configuration to operate together. However we do have some security features designed to protect your Jetpack installation, read on below to learn more. ### Default Jetpack protection from Cloudflare The Cloudflare WAF managed rule WP0007 protects the `xmlrpc.php` file on all Cloudflare plans to allow only Jetpack to use the `xmlrpc.php?for=jetpack` query string. Cloudflare does this by only allowing the IP range of Jetpack’s automation systems. As such, any attempt to access `xmlrpc.php?for=jetpack` from an IP that is not a genuine Jetpack IP address will be blocked with a `HTTP 403 Forbidden` message from Cloudflare. This in itself is nothing to worry about and improves the security of your website and does not affect the functionality of Jetpack whatsoever. For more information about why this was originally implemented, take a look at our blog post on the subject: [https://blog.cloudflare.com/our-waf-is-keeping-wordpress-jetpack-on-track/ ↗](https://blog.cloudflare.com/our-waf-is-keeping-wordpress-jetpack-on-track/) ### Additional WAF managed rules that can impact Jetpack There is a specific rule in [Web Application Firewall (WAF) ↗](https://www.cloudflare.com/waf/) managed rules that if enabled will block Jetpack’s servers from administering your settings. The WAF managed rule “WP0002 - Block WordPress XML-RPC” rule is disabled by default, but when enabled it completely disables access to the `xmlrpc.php` file. As such, we only recommend enabling this rule as an emergency measure if your `xmlrpc.php` endpoint is being attacked. For further guidance, please contact our Support team. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/third-party-software/","name":"Third-Party Software"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/third-party-software/content-management-system-cms/","name":"Content Management System (CMS)"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/third-party-software/content-management-system-cms/wordpress-jetpack-and-cloudflare/","name":"WordPress Jetpack and Cloudflare"}}]} ``` --- --- title: WordPress.com and Cloudflare description: Cloudflare and WordPress.com are partnering to offer customers Cloudflare's performance and security solutions with WordPress.com's web-hosting platform. Getting started is easy. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # WordPress.com and Cloudflare ## Getting started with WordPress.com and Cloudflare Cloudflare and WordPress.com are partnering to offer customers Cloudflare's performance and security solutions with WordPress.com's web-hosting platform. Getting started is easy. 1\. Add your WordPress site to Cloudflare. Do the following: * [Create a Cloudflare account](https://developers.cloudflare.com/fundamentals/account/create-account/). * [Onboard your domain](https://developers.cloudflare.com/fundamentals/manage-domains/add-site/) to Cloudflare. During this process, Cloudflare scans your existing WordPress.com DNS records and displays them. The records will look similar to the examples below. * `A example.com 192.0.78.12` * `A example.com 192.0.78.13` WordPress.com does not guarantee the IP address will never change. For maximum uptime, you should complete the following: 2\. Find your `.wordpress.com` domain from the [Manage Domains ↗](https://wordpress.com/domains/manage) page. The domain will look like `examplecom.wordpress.com`, i.e. your domain with non-alphanumeric characters removed. 3\. Enter the domain into your browser's address bar to make sure the domain is correct. 4\. Add the record `CNAME @ examplecom.wordpress.com`. 5\. Remove the A records. ![Example of completed CNAME record setup.](https://developers.cloudflare.com/_astro/add-cname-wp.lnbdP-lN_1gfFxY.webp) Congratulations! Your site is now accelerated and protected by Cloudflare. --- ## Enabling additional Cloudflare products ## **Cloudflare Web Analytics (Free)** Cloudflare Web Analytics gives web creators the information they need in a simple, clean way that doesn't sacrifice their visitors' privacy. One of the goals of the partnership is to bring a privacy-first analytics solution to WordPress.com sites. ### Cloudflare 1\. [Open your dashboard ↗](https://dash.cloudflare.com/) and select the Account menu > **Account Home**. 2\. On the Account homepage, select **Analytics & Logs > Web Analytics**. 3\. Enter the hostname to use with Web Analytics. Typically the hostname is your top-level domain, like `example.com`. 4\. Click **Next**. 5\. Select **Click to copy** under **Copy JS Snippet**. ### WordPress 1\. Open WordPress and select your site. 2\. Select **Tools** \> **Marketing**. 3\. Locate the Cloudflare section. 4\. Paste the code snippet you copied from Cloudflare into the **Tracking ID** field. The field will extract the Tracking ID from the snippet. 5\. Toggle **Add to Cloudflare** to enable the tracking. WordPress.com automatically adds the javascript to each page of your site. You can view the new insights from your Cloudflare dashboard under **Web Analytics**. ## **Automatic Platform Optimization for WordPress.com ($5/month, included with Pro and Business plans)** Cloudflare's [Automatic Platform Optimization ↗](https://www.cloudflare.com/automatic-platform-optimization/wordpress/) for WordPress.com is the easiest way to drastically speed up your WordPress.com site. With the [APO plugin ↗](https://wordpress.org/plugins/cloudflare/), Cloudflare accelerates your WordPress.com site by intelligently caching dynamic content, which means fast performance for your visitors no matter where they are. For more information, refer to [Automatic Platform Optimization](https://developers.cloudflare.com/automatic-platform-optimization/) and to the [blog ↗](https://blog.cloudflare.com/automatic-platform-optimizations-starting-with-wordpress/). ### **Requirements** Warning The [Automatic Platform Optimization (APO) ↗](https://www.cloudflare.com/automatic-platform-optimization/wordpress/)feature requires that you be on a [Full Setup](https://developers.cloudflare.com/dns/zone-setups/full-setup/)using Cloudflare nameservers. * Cloudflare free plan + $5/month APO add-on or a Pro or Business plan subscription (includes APO) * WordPress.com Business plan or above (requires plugins) ### **Install and enable APO** 1\. From WordPress, install the [Cloudflare WordPress plugin ↗](https://wordpress.org/plugins/cloudflare/) on your WordPress website or update to the latest version (3.8.2 or higher). 2\. [Authenticate the plugin ↗](https://wordpress.org/plugins/cloudflare/#installation) to connect to Cloudflare if you have not already done so. 3\. From the Home screen of the Cloudflare section, turn on Automatic Platform Optimization. For more details, refer to [Understanding Automatic Platform Optimization (APO) with WordPress](https://developers.cloudflare.com/automatic-platform-optimization/). --- ## Troubleshooting ### **How do I verify that Cloudflare is now my DNS provider on record?** 1\. Visit [https://dnschecker.org ↗](https://dnschecker.org/#A/s-steiner.com). 2\. From the dropdown under **DNS Check, s**elect NS record. 3\. In the text field, enter your domain name and click **Search**. 4\. Verify that your Cloudflare nameservers display. ### **How can I confirm APO is up and running?** In a terminal, use the following cURL. The header `'accept: text/html'` is important Terminal window ``` curl -svo /dev/null -A "CF" 'https://example.com/' -H 'accept: text/html' 2>&1 | grep 'cf-cache-status\|cf-edge\|cf-apo-via' ``` ``` < cf-cache-status: HIT < cf-apo-via: cache < cf-edge-cache: cache,platform=wordpress ``` As always, `cf-cache-status` displays if the asset hit the cache or was considered dynamic and served from the origin. * The `cf-apo-via` header returns the APO status for the given request. * The `cf-edge-cache` header means the WordPress plugin is installed and enabled. ### How can I verify APO and the WordPress.com integration works? 1\. Publish a change on your WordPress website. 2\. Refresh the page twice. 3\. You should see a change. The page should be cached with `cf-cache-status: HIT` and `cf-apo-via: cache` in a response header. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/third-party-software/","name":"Third-Party Software"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/third-party-software/content-management-system-cms/","name":"Content Management System (CMS)"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/third-party-software/content-management-system-cms/wordpresscom-and-cloudflare/","name":"WordPress.com and Cloudflare"}}]} ``` --- --- title: Using Cloudflare with various forums description: Many widely used forum platforms are compatible with Cloudflare. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Using Cloudflare with various forums ## Overview Many widely used forum platforms are compatible with Cloudflare. These include: * [Discourse ↗](https://community.cloudflare.com/t/using-discourse-with-cloudflare-best-practices/602890) * vBulletin * Xenforo * MyBB If you have a forum using these platforms, you can increase its speed and safety by adding Cloudflare. --- ## Steps **1**. Cloudflare acts as a reverse proxy, meaning that all visitor IP addresses will become Cloudflare-affiliated IP addresses. If you are using services like **Stopforumspan** or blocking registration by IP address, you need to [restore original visitor IPs](https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/). **2**. To prevent admin functions from being affected by caching or performance features, create a [Cache Rule](https://developers.cloudflare.com/cache/how-to/cache-rules/settings/#bypass-cache) to bypass cache on the admin section of your site. **3**. If you want certain services to access your website (APIs or certain IPs), [configure the WAF](https://developers.cloudflare.com/waf/). **4**. Review your DNS records to make sure all your subdomain records are present. If you cannot find a subdomain, [add the DNS record](https://developers.cloudflare.com/dns/manage-dns-records/how-to/create-dns-records/). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/third-party-software/","name":"Third-Party Software"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/third-party-software/forum-software/","name":"Forum Software"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/third-party-software/forum-software/using-cloudflare-with-various-forums-vbulletin-xenforo-mybb/","name":"Using Cloudflare with various forums"}}]} ``` --- --- title: Configure Cloudflare and Heroku over HTTPS description: Heroku is a cloud PaaS that supports several pre-configured programming languages. Heroku deals with all your infrastructure so you can focus on your application without having to work at the command line. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Configure Cloudflare and Heroku over HTTPS ## Overview Heroku is a cloud PaaS that supports several pre-configured programming languages. Heroku deals with all your infrastructure so you can focus on your application without having to work at the command line. This article describes how to configure Heroku with Cloudflare to serve your traffic over HTTPS. For this article, we'll assume that you already have an [active domain on Cloudflare](https://developers.cloudflare.com/fundamentals/manage-domains/), as well as a running Heroku app. --- ## Step 1 - Add a custom domain to your Heroku app Follow Heroku's instructions: [Custom Domain Names for Apps ↗](https://devcenter.heroku.com/articles/custom-domains). --- ## Step 2 - Add a subdomain in Cloudflare DNS Below, you will need to add DNS records for a subdomain and the apex domain (also known as "root domain"). Learn how to [Managing DNS records in Cloudflare](https://developers.cloudflare.com/dns/manage-dns-records/how-to/create-dns-records/). ### Step 2a - Add a subdomain In the Cloudflare dashboard, go to the **DNS Records** page. [ Go to **Records** ](https://dash.cloudflare.com/?to=/:account/:zone/dns/records) Add a 'www' _CNAME_ record that points to the custom domain (also known as _DNS target_) that you obtained in Step 1 above for your subdomain. | Type | Name | Target | Proxy status | | ----- | ---- | ------------------------------ | ------------ | | CNAME | www | {example-domain}.herokudns.com | Proxied | ### Step 2b - Add your root domain Adding a root or apex domain on Heroku also requires using a CNAME record pointed from your root. You cannot use A records on Heroku because no IP addresses are exposed for Heroku users to use. Fortunately, Cloudflare offers [CNAME flattening](https://developers.cloudflare.com/dns/cname-flattening/) to resolve requests for your root domain. Add a CNAME record for your root and point it to DNS target you obtained in Step 1 above for your domain. | Type | Name | Target | Proxy status | | ----- | ---- | ------------------------------ | ------------ | | CNAME | @ | {example-domain}.herokudns.com | Proxied | --- ## Step 3 - Confirm that your domain is routed through Cloudflare The easiest way to confirm that Cloudflare is working for your domain is to issue a cURL command. Terminal window ``` curl -I www.example.com ``` ``` HTTP/1.1 200 OK Date: Tue, 23 Jan 2018 18:51:30 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Cache-Control: public, max-age=0 Last-Modified: Mon, 31 Dec 1979 04:08:00 GMT X-Powered-By: Express Server: cloudflare CF-RAY: 3e1cf1d936f28c52-SFO-DOG ``` You can identify Cloudflare-proxied requests by the _CF-Ray_ response header. If either of these two are present, your requests are being proxied by Cloudflare accordingly. You can repeat the above cURL command for any of the subdomains that you have configured within your DNS settings. --- ## Step 4 - Configure your domain for SSL ### Step 4a - Enable SSL Cloudflare provides a SANs wildcard certificate with all paid plans, and a SNI wildcard certificate with the Free plan. Full details on SSL [can be found here ↗](https://www.cloudflare.com/ssl). If you don't know what this means, navigate to the **Overview** tab of the **SSL/TLS** app in your Cloudflare dashboard. Select _Flexible_ mode to serve your site over HTTPS to all public visitors. Once the certificate status changes to **• Active Certificate**, incoming traffic will be served to your site over HTTPS. Visitors will see HTTPS prefixed to your domain name in the browser bar. ### Step 4b - Force all traffic over HTTPS To ensure all traffic to your site is encrypted, Cloudflare lets you force an automatic HTTPS redirect. To configure this, refer to [Always Use HTTPS](https://developers.cloudflare.com/ssl/edge-certificates/additional-options/always-use-https/). You can then use a cURL command to verify that all requests are being forced over HTTPS. Terminal window ``` curl -I -L example.com ``` ``` HTTP/1.1 301 Moved Permanently Date: Tue, 23 Jan 2018 23:17:44 GMT Connection: keep-alive Cache-Control: max-age=3600 Expires: Wed, 24 Jan 2018 00:17:44 GMT Location: https://example.com/ Server: cloudflare CF-RAY: 3e1e77d5c42b8c52-SFO-DOG ``` If SSL was not working for your domain (for example, your SSL certificate has not yet been issued), you would see a [525](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-525/) or [526](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-526/) HTTP response after the redirect. Please note that the issuing of a Universal SSL certificate typically takes up to 24 hours. Our paid SSL certificates issue within 10-15 minutes. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/third-party-software/","name":"Third-Party Software"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/third-party-software/others/","name":"Others"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/third-party-software/others/configure-cloudflare-and-heroku-over-https/","name":"Configure Cloudflare and Heroku over HTTPS"}}]} ``` --- --- title: Reduce data transfer (egress costs) between Azure and Cloudflare description: Cloudflare launched Bandwidth Alliance in 2018 – a group of forward-looking cloud and storage providers who have agreed to waive or steeply discount egress costs for mutual customers. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Reduce data transfer (egress costs) between Azure and Cloudflare ## Overview Cloudflare launched Bandwidth Alliance in 2018 – a group of forward-looking cloud and storage providers who have agreed to waive or steeply discount egress costs for mutual customers. Cloudflare customers using Azure can lower their egress bills between Cloudflare and Azure via [Microsoft Routing Preference ↗](https://docs.microsoft.com/en-us/azure/virtual-network/routing-preference-overview). --- ## How to To lower your data transfer costs from Azure and Cloudflare: 1. In the Azure portal, go to your storage account. 2. Navigate to **Network Routing > Firewalls and virtual networks**. 3. For **Routing preference**, choose **Internet routing**. 4. Publish route-specific endpoint to **Internet routing**. 5. Navigate to **Properties**. 6. Locate the endpoint values for **Internet Routing**. 7. Enter these endpoint values in your Cloudflare Dashboard. ![Example of where to enter endpoint URLs from Microsoft Azure into your Cloudflare dashboard.](https://developers.cloudflare.com/_astro/bandwidth-alliance.BYbPK3YS_Z1hQW7.webp) For additional details, refer to [Configure network routing preference for Azure Storage ↗](https://docs.microsoft.com/en-us/azure/storage/common/configure-network-routing-preference?tabs=azure-portal) and [Microsoft Routing Preference ↗](https://docs.microsoft.com/en-us/azure/storage/common/network-routing-preference). --- ## Related resources * [Microsoft Azure data transfer announcement ↗](https://blog.cloudflare.com/discounted-egress-for-cloudflare-customers-from-microsoft-azure-is-now-available/) (blog) * [Bandwidth Alliance ↗](https://www.cloudflare.com/bandwidth-alliance/) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/third-party-software/","name":"Third-Party Software"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/third-party-software/others/","name":"Others"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/third-party-software/others/reduce-data-transfer-egress-costs-between-azure-and-cloudflare/","name":"Reduce data transfer (egress costs) between Azure and Cloudflare"}}]} ``` --- --- title: Cannot locate dashboard account description: We are making some improvements to our support experience. This could be causing a temporary issue linking your dashboard account and your Cloudflare Help Center My Activities sign-on information. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Cannot locate dashboard account We are making some improvements to our support experience. This could be causing a temporary issue linking your [dashboard account ↗](https://dash.cloudflare.com) and your Cloudflare [Help Center My Activities sign-on information ↗](https://support.cloudflare.com/hc/requests). ## Accounts with paid services If you have an account with paid services: 1. Open a case with us through our [support portal ↗](https://dash.cloudflare.com/?to=/:account/support). 2. Choose **Technical support** \> **Account** \> **Support Platform** \> **Other**. 3. For **Is your issue domain related?**, select "No". 4. For **Summary**, enter "Can't access Cloudflare Help Center My Activities." 5. Select **Add more details** or **Open a Case**. 6. For **Description**, enter a brief description of the issue using at least 20 words. 7. Select **Submit Case**. This process will allow us to link your account inside our new support system. ## Free accounts If you are a free account customer, you do not have access to this feature, but you can get assistance in many other ways: * By joining the conversation in our [Community forums ↗](https://community.cloudflare.com/). * By joining our [Discord server ↗](https://discord.cloudflare.com/). * By checking out our [Documentation](https://developers.cloudflare.com/). * By visiting the [Cloudflare Help Center ↗](https://support.cloudflare.com/). There you will find our most frequently asked questions, steps to issue resolution, and more. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/general-troubleshooting/","name":"General Troubleshooting"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/general-troubleshooting/cannot-locate-dashboard-account/","name":"Cannot locate dashboard account"}}]} ``` --- --- title: Gathering information for troubleshooting sites description: It is important to capture as much information as possible to diagnose an issue and to provide adequate details to Cloudflare support. This article explains how to gather troubleshooting information commonly requested by Cloudflare Support. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Gathering information for troubleshooting sites ## About this guide It is important to capture as much information as possible to diagnose an issue and to [provide adequate details to Cloudflare support](https://developers.cloudflare.com/support/contacting-cloudflare-support/). This article explains how to gather troubleshooting information commonly requested by Cloudflare Support. Note Cloudflare support cannot make configuration changes on behalf of customers due to security and liability concerns. --- ## Quick reference: Choose the right tool Use this table to quickly identify which troubleshooting method to use based on your issue: | Issue Type | Recommended Tool | When to Use | | ------------------------------ | ----------------------------------------------------------------------------------- | --------------------------------------------------------- | | Page not loading correctly | [HAR file](#generate-a-har-file) | Visual issues, broken elements, slow page loads | | JavaScript errors | [Console log](#export-console-log) | CORS errors, scripts failing, browser-side errors | | Protocol errors (QUIC/HTTP2) | [NetLog dump](#capture-a-netlog-dump) | ERR\_QUIC\_PROTOCOL\_ERROR, ERR\_HTTP2\_PROTOCOL\_ERROR | | Slow response times | [curl (performance)](#performance) | Measuring latency, TLS handshake times | | HTTP errors (5xx, 4xx) | [curl (HTTP errors)](#http-errors) | Determining if errors originate from Cloudflare or origin | | Caching issues | [curl (caching)](#caching) | Cache misses, stale content, cache headers | | SSL/TLS certificate issues | [curl (SSL/TLS)](#ssltls-certificates) | Certificate errors, TLS version issues | | Connection timeouts/drops | [Traceroute](#perform-a-traceroute) / [MTR](#perform-a-mtr) | Network path issues, latency between hops | | Packet loss, connection resets | [Packet capture](#run-packet-captures) | Layer 3/4 issues, SSL handshake failures | | Identifying serving location | [Cloudflare data center](#identify-the-cloudflare-data-center-serving-your-request) | Determine which Cloudflare PoP is serving requests | --- ## Browser-based troubleshooting These tools capture information directly from your web browser and are useful for diagnosing issues with how pages load and render. ### Generate a HAR file When to use Use a HAR file when you experience **visual issues, broken page elements, slow page loads, or need to capture the full sequence of HTTP requests** made by your browser. This is often the first thing Cloudflare Support will request. A HTTP Archive (HAR) records all web browser requests including the request and response headers, the body content, and the page load time. Be sure to use Incognito Mode or a Private Browsing window. Warning A HAR file can include sensitive details such as passwords, payment information, and private keys. Remove sensitive information using a [HAR Sanitizer ↗](https://har-sanitizer.pages.dev/). For security reasons Cloudflare support cannot open compressed files such as ZIP, GZIP, TAR, etc. Some browsers either require a browser extension or cannot generate a HAR. When installing a browser extension, follow the instructions from the extension provider. #### In Chrome 1. In a browser page viewed in Incognito Mode, right-click anywhere and select **Inspect Element**. 2. The Chrome DevTools appear either at the bottom, or left side of the browser. Click the **Network** tab. ![HAR network tab screenshot from Chrome developer tools](https://developers.cloudflare.com/_astro/gathering_har_file_network.ChkQZzBt_1cX2QN.webp) 1. Check **Preserve log**. Please also check **Disable cache** if you are reporting a Cloudflare Cache issue. 2. Click record. ![HAR record button in chrome dev tools.](https://developers.cloudflare.com/_astro/gathering_har_file_record.BkFUFIPY_Z1rjPkR.webp) 1. Browse to the URL that causes issues. Once the issue is experienced, click the "Export HAR" option at the top of DevTools. ![export HAR option in Chrome DevTools](https://developers.cloudflare.com/_astro/export_har_chrome.DaDwwlXd_1GDXQU.webp) 1. Attach the HAR file to your support ticket. Note As of Chrome 130, this exports a sanitized HAR with redacted cookies and personalised data. To disable this, go to DevTools **Settings** \> **Preferences** \> **Network** \> **Allow to generate HAR with sensitive data**. #### In Firefox 1. While using a Private Window, use the application menu and select **Tools** \> **Web Developer** \> **Network** or press _Ctrl+Shift+I_ (Windows/Linux) or _Cmd+Option+I_ (OS X). 2. Browse to the URL that causes issues. 3. After duplicating the issue, right-click and choose **Save All As HAR**. #### In Microsoft Edge 1. In a Private window, navigate to **Developer tools** (use `F12` as a shortcut) and select the **Network** tab. 2. Browse to the URL that causes issues. 3. After duplicating the issue, click on **Export as HAR** followed by **Save As...**. #### In Safari 1. In Safari, ensure a **Develop** menu appears at the top of a Private Window in the browser window. Otherwise, go to **Safari** \> **Preferences** \> **Advanced** and select **Show Develop Menu in menu bar** 2. Navigate to **Develop** \> **Show Web Inspector**. 3. Browse to the URL that causes issues. 4. Ctrl + click on a resource within Web Inspector and click **Export HAR**. #### In Mobile **For Android:** 1. Enable USB Debugging mode on your mobile device. 2. Go to `chrome://inspect/#devices`. 3. If debugging mode is enabled, you will see your device listed below “Remote Target” like the example below: ![Where to find the Inspect Devices when in Debug Mode for Android.](https://developers.cloudflare.com/_astro/step_1.BKH5ksch_d1pFw.webp) 1. Type in the URL, select **Open** and **inspect** to open Chrome’s DevTools. 2. Select the **Network** tab in the DevTools window. 3. Check **Preserve log**. Please also check **_Disable cache_** if you are reporting a Cloudflare Cache issue. 4. Click **record**. ![Where to find the record button in Chrome's dev tools.](https://developers.cloudflare.com/_astro/step_2_-_better.CJPZfMsT_ZFcWeB.webp) 1. Browse to the URL that causes issues. Once the issue is experienced, right-click on any of the items within the **Network** tab and select **Save all as HAR with Content**. ![How to save HAR content. ](https://developers.cloudflare.com/_astro/step_3.D5uw6wSa_ZSqeJ0.webp) 1. Attach the HAR file to your support ticket alongside a screen recording from the affected Samsung device. Instructions on how to do this from Samsung devices can be found in [Samsung's documentation here ↗](https://www.samsung.com/au/support/mobile-devices/screen-recorder/). --- **For iPhone:** Refer to [Okta ↗](https://support.okta.com/help/s/article/How-to-generate-a-HAR-capture-on-an-iOS-device?language=en%5FUS) or [Apple's ↗](https://developer.apple.com/library/archive/documentation/AppleApplications/Conceptual/Safari%5FDeveloper%5FGuide/GettingStarted/GettingStarted.html#//apple%5Fref/doc/uid/TP40007874-CH2-SW1) support article on how to generate a HAR file from an iOS device. Attach the HAR file to your support ticket alongside a screen recording from the affected iOS device. Apple devices now have [built-in screen recording functionality ↗](https://support.apple.com/en-us/HT207935). ### Export Console Log When to use Use a console log when you experience **JavaScript errors, CORS issues, or when requests are blocked or cancelled by the browser**. This captures browser-side errors that may not appear in a HAR file. In certain situations when request is not issued or cancelled by the browser (for example, due to [CORS ↗](https://developer.mozilla.org/en-US/docs/Glossary/CORS)), we need to get JS console log output, in addition to the HAR file, to identify the root cause. #### In Chrome 1. Go to the **Console** tab from the DevTools bar. 2. Go to the Console Settings and select **Preserve Log**. 3. Leave the console open and perform the steps that reproduce the issue. 4. Right-click on any of the items within the **Console** tab and select **Save as** log file. 5. Attach the log file to your support ticket. ![How to find the console tab in Chrome's developer tools.](https://developers.cloudflare.com/_astro/console_snapshot.BshJeLnS_1H8z4j.webp) #### In Firefox 1. Go to the **Console** tab from the Web Developer Tools bar. 2. Go to the Console Settings and select **Persist Log** and **Show Timestamps**. 3. Leave the console open and perform the steps that reproduce the issue. 4. Right click, **Select All** messages and **Export Visible Messages to File**. 5. Attach the log file to your support ticket. #### In Microsoft Edge 1. Go to the **Console** tab from the Developer Tools bar. 2. Go to the Console Settings and select **Preserve Log**. 3. Leave the console open and perform the steps that reproduce the issue. 4. Right click on any of the items within the **Console** tab and select **Save as** log file. 5. Attach the log file to your support ticket. #### In Safari 1. Go to the **Console** tab from the Web Inspector bar. 2. Tick the box **Preserve Log**. 3. Leave the console open and perform the steps that reproduce the issue. 4. Select all the messages, right click and **Save Selected** to a log file. 5. Attach the log file to your support ticket. ### Capture a NetLog dump When to use Use a NetLog dump when you experience **protocol-level errors** such as `ERR_QUIC_PROTOCOL_ERROR` or `ERR_HTTP2_PROTOCOL_ERROR`. This provides detailed network-level debugging information that goes beyond what a HAR file captures. In some cases, in order to further troubleshoot issues related to protocols (errors such as `ERR_QUIC_PROTOCOL_ERROR`, `ERR_HTTP2_PROTOCOL_ERROR`, etc..) our Support team may ask you to provide a [NetLog dump ↗](https://www.chromium.org/for-testers/providing-network-details/). Warning You can only generate a NetLog dump on the Google Chrome, Opera or Microsoft Edge browsers. 1. Open a new tab and enter the following depending on the browser you're using: * `chrome://net-export` * `edge://net-export` * `opera://net-export` 1. Click the **Start Logging To Disk** button. 2. Reproduce the network problem in a different tab. (the `chrome://net-export/`, `edge://net-export/` or `opera://net-export` tab needs to stay open otherwise logging will automatically stop) 3. Click **Stop Logging** button. 4. Attach the log file to your support ticket. --- ## Command-line troubleshooting These tools are run from your terminal or command prompt and are useful for testing connectivity, performance, and server responses without browser overhead. ### Identify the Cloudflare data center serving your request When to use Use this when you need to **determine which Cloudflare Point of Presence (PoP) is serving your requests**. This is helpful when troubleshooting regional issues or verifying traffic routing. [A map of our data centers ↗](https://www.cloudflare.com/network-map) is listed on the [Cloudflare status page ↗](https://www.cloudflarestatus.com/), sorted by continent. The three-letter code in the data center name is the [IATA code ↗](http://en.wikipedia.org/wiki/IATA%5Fairport%5Fcode) of the nearest major international airport. Determine the Cloudflare data center serving requests for your browser by visiting:``` http://``_www.example.com_``/cdn-cgi/trace. ``` Replace `www.example.com` with your domain and hostname. Note the `colo` field from the output. ### Troubleshoot requests with curl When to use Use curl when you need to **test HTTP requests without browser interference**, measure performance metrics, check HTTP headers, or determine if an issue originates from Cloudflare or your origin server. [curl ↗](https://curl.se/) is a command line tool for sending HTTP/HTTPS requests and is useful for troubleshooting: * HTTP/HTTPS Performance * HTTP Error Responses * HTTP Headers * APIs * Comparing Server/Proxy Responses * SSL Certificates Note If you are using Windows, you can find more details on how to use curl on Windows in our [Making API calls on Windows](https://developers.cloudflare.com/fundamentals/api/how-to/make-api-calls/#making-api-calls-on-windows) article. Run the following command to send a standard HTTP GET request to your website (replace `www.example.com` with your hostname): ``` curl -svo /dev/null http://www.example.com/ ``` This example curl command returns output detailing the HTTP response and request headers but discards the page body output. curl output confirms the HTTP response and whether Cloudflare is currently proxying traffic for the site. Note Review the [curl command options ↗](https://curl.se/docs/manpage.html) for additional functionality. View the sections below for tips on troubleshooting HTTP errors, performance, caching, and SSL/TLS certificates: #### HTTP errors When troubleshooting HTTP errors in responses from Cloudflare, test whether your origin caused the errors by sending requests directly to your origin web server. To troubleshoot HTTP errors, run a curl directly to your origin web server IP address (bypassing Cloudflare’s proxy): ``` curl -svo /dev/null http://example.com --connect-to ::203.0.113.34 ``` Note If you have multiple origin web servers, test each one to ensure there are no response differences. If you observe the issue when connecting directly to your origin web server, contact your hosting provider for assistance. #### Performance curl measures latency or performance degradation for HTTP/HTTPS requests via the [\-w or \--write-out curl option ↗](https://curl.haxx.se/docs/manpage.html#-w). The example curl below measures several performance vectors in the request transaction such as duration of the TLS handshake, DNS lookup, redirects, transfers, etc: ``` curl -svo /dev/null https://example.com/ -w "\nContent Type: %{content_type} \ \nHTTP Code: %{http_code} \ \nHTTP Connect:%{http_connect} \ \nNumber Connects: %{num_connects} \ \nNumber Redirects: %{num_redirects} \ \nRedirect URL: %{redirect_url} \ \nSize Download: %{size_download} \ \nSize Upload: %{size_upload} \ \nSSL Verify: %{ssl_verify_result} \ \nTime Handshake: %{time_appconnect} \ \nTime Connect: %{time_connect} \ \nName Lookup Time: %{time_namelookup} \ \nTime Pretransfer: %{time_pretransfer} \ \nTime Redirect: %{time_redirect} \ \nTime Start Transfer: %{time_starttransfer} \ \nTime Total: %{time_total} \ \nEffective URL: %{url_effective}\n" 2>&1 ``` [Explanation of this timing output ↗](https://blog.cloudflare.com/a-question-of-timing/) is found on the Cloudflare blog. Note As demonstrated in the preceding example, cleaner results are achieved by denoting a new line with `\n` before each variable. Otherwise, all metrics are displayed together on a single line. #### Caching curl helps review the HTTP response headers that influence caching. In particular, review several HTTP headers when troubleshooting Cloudflare caching: * CF-Cache-Status * Cache-Control/Pragma * Expires * Last-Modified * s-maxage Note You can refer to the [Cloudflare Cache documentation](https://developers.cloudflare.com/cache/get-started/) for more details. #### SSL/TLS certificates #### Reviewing Certificates with curl The following curl command shows the SSL certificate served by Cloudflare during an HTTPS request (replace `www.example.com` with your hostname): Terminal window ``` curl -svo /dev/null https://www.example.com/ 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$" ``` Note `2\*>&1 | egrep -v "^{.*$|^}.*$|^\* http.\*$" \*` cleans and parses the TLS handshake and certificate information. To display the origin certificate (assuming one is installed), replace `203.0.113.34` below with the actual IP address of your origin web server and replace `www.example.com` with your domain and hostname: Terminal window ``` curl -svo /dev/null https://www.example.com --connect-to ::203.0.113.34 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$" ``` #### Testing TLS Versions If troubleshooting browser support or confirming what TLS versions are supported, curl allows you to test a specific TLS version by adding the [\--tlsv1.X ↗](https://curl.se/docs/manpage.html#--tlsv10) and [\--tls-max ↗](https://curl.se/docs/manpage.html#--tls-max) options to your curl: * `--tlsv1.0 --tls-max 1.0` * `--tlsv1.1 --tls-max 1.1` * `--tlsv1.2 --tls-max 1.2` * `--tlsv1.3 --tls-max 1.3` ### Temporarily pause Cloudflare When to use Use this when you need to **quickly determine if an issue is caused by Cloudflare or your origin server**. Pausing Cloudflare routes traffic directly to your origin, bypassing Cloudflare's proxy. For more details, refer to [Pause Cloudflare](https://developers.cloudflare.com/fundamentals/manage-domains/pause-cloudflare/). --- ## Network troubleshooting These tools help diagnose network-level issues such as routing problems, packet loss, and connection failures between your location and Cloudflare or your origin server. ### Perform a traceroute When to use Use traceroute when you experience **connection timeouts, slow connections, or need to identify where in the network path an issue occurs**. This shows each hop between your device and the destination. Traceroute is a network diagnostic tool that measures the route latency of packets across a network. Most operating systems support the `traceroute` command. If you experience connectivity issues with your Cloudflare-proxied website and [ask Cloudflare Support for assistance](https://developers.cloudflare.com/support/contacting-cloudflare-support/), ensure to provide output from a traceroute. Note Timeouts are possible for ping results because Cloudflare limits ping requests. Review the instructions below for running traceroute on different operating systems. Replace `www.example.com` with your domain and hostname in the examples below: #### Run traceroute on Windows 1. Open the **Start** menu. 2. Click **Run**. 3. To open the command line interface, type **cmd** and then click **OK**. 4. At the command line prompt, type: For IPv4 - Terminal window ``` tracert www.example.com ``` For IPv6 - Terminal window ``` tracert -6 www.example.com ``` 1. Press **Enter**. 2. You can copy the results to save in a file or paste in another program. #### Run traceroute on Linux 1. Open a terminal window. 2. At the command line prompt, type: For IPv4 - Terminal window ``` traceroute www.example.com ``` For IPv6 - Terminal window ``` traceroute -6 www.example.com ``` 1. You can copy the results to save in a file or paste in another program. #### Run traceroute on Mac OS 1. Open the **Network Utility** application. 2. Click the **Traceroute** tab. 3. Type the _domain_ or _IP address_ in the appropriate input field and press **Trace**. 4. You can copy the results to save in a file or paste in another program. Alternatively, follow the same Linux traceroute instructions above when using the Mac OS terminal program. ### Add the CF-RAY header to your logs When to use Use this when you need to **correlate specific requests with Cloudflare's logs** for troubleshooting. The CF-RAY header uniquely identifies each request through Cloudflare's network and is essential for Support investigations. The **CF-RAY** header traces a website request through Cloudflare's network. Provide the **CF-RAY** of a web request to Cloudflare support when troubleshooting an issue. You can also add **CF-RAY** to your logs by editing your origin web server configuration with the snippet below that corresponds to your brand of web server: #### For Apache web servers, add `%{CF-Ray}i` to LogFormat ``` LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %{CF-Ray}i" cf_custom ``` #### For Nginx web servers, add '$http\_cf\_ray' to log\_format ``` log_format cf_custom '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' '$http_cf_ray'; ``` ### Perform a MTR When to use Use MTR when you need **more detailed network diagnostics than traceroute provides**. MTR combines traceroute and ping to show real-time latency and packet loss at each hop, making it easier to identify intermittent network issues. My Traceroute (MTR) is a [tool ↗](https://www.cloudflare.com/learning/network-layer/what-is-mtr/) that combines traceroute and ping to measure a network path's health, which is another common method for testing network connectivity and speed. In addition to the hops along the network path, MTR shows constantly updating information about the latency and packet loss along the route to the destination. This helps in troubleshooting network issues by allowing you to see what's happening along the path in real-time. MTR works by discovering the network path in a similar manner to traceroute, and then regularly sending packets to continue collecting information to provide an updated view into the network’s health and speed. Like traceroute, MTR can use ICMP or UDP for outgoing packets but relies on ICMP for return (Type 11: Time Exceeded) packets. Note For MacOS users, MTR can be installed through [homebrew ↗](https://formulae.brew.sh/formula/mtr). For Windows users, see [WinMTR ↗](https://github.com/White-Tiger/WinMTR/releases). #### How do I use MTR to generate network path report? **Using MTR on NIX based machines** Generally, we'd use MTR as the following: Terminal window ``` mtr -rw e.g.: mtr -rw one.one.one.one ``` or with destination IP: Terminal window ``` mtr -rw e.g.: mtr -rw 1.1.1.1 ``` with TCP port Terminal window ``` mtr -P -T ``` Please refer to this documentation, which explains more about analysing MTR: [How to read MTR ↗](https://www.cloudflare.com/en-gb/learning/network-layer/what-is-mtr/). ### Run Packet Captures When to use Use packet captures when you experience **connection resets, packet loss, SSL handshake failures, or HTTP errors like 520, 524, and 525**. These issues occur at layers 3/4 and don't appear in HTTP logs, requiring deep packet-level analysis. Issues that happen at the layers 3/4 occur before requests reaching Cloudflare's logging system, so they do not show up in the HTTP logs. Therefore, troubleshooting issues related to connection resets, packet loss or SSL handshake failures can be tricky without a deep investigation at the packet level. Some HTTP errors generated by Cloudflare, such as [520s](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-520/), [524s](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-524/) and [525s](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-525/), show underlying issues at layers 3/4, and might require a packet capture for further investigation. **How to Run a Packet Capture** Warning Please be aware, if you transmit any sensitive information while a packet capture is running, it will be recorded. Cloudflare suggests [Wireshark ↗](https://www.wireshark.org/download.html) for running packet captures. For instructions on how to use the _tcpdump_ command line, refer to [this ↗](https://www.wireshark.org/docs/wsug%5Fhtml%5Fchunked/AppToolstcpdump.html) article. 1. Close all programs/browser tabs that could be sending data in the background to avoid having to use a lot of display filters later. 2. Create your Wireshark capture filter (refer to [this ↗](https://wiki.wireshark.org/CaptureFilters) article for more information). 3. Select the appropriate interface (e.g. Wi-Fi: en0). If you're not sure which interface to use, Wireshark provides an I/O graph of each interface to give you a hint. 4. Click the blue shark fin icon in the top left-hand corner to start your packet capture. 5. Reproduce the issue while running capture. 6. Click the red square icon in the top left-hand corner to stop your packet capture. 7. Save as a `.pcap` file and attach it to your support ticket. --- ## Related resources * [Contacting Cloudflare Support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) * [Cloudflare HTTP 5XX errors](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/) * [Diagnosing network issues with MTR and traceroute ↗](https://www.cloudflare.com/en-gb/learning/network-layer/what-is-mtr/) * [cURL command line tool ↗](https://curl.haxx.se/) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/general-troubleshooting/","name":"General Troubleshooting"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/","name":"Gathering information for troubleshooting sites"}}]} ``` --- --- title: Cloudflare traffic not being sent to the geographically closest data center description: Due to the way routing on Cloudflare's Anycast network works, requests may be sent to data center locations that are not necessarily the closest geographically. We are continuously adding capacity to our global network and enhancing our automated traffic engineering systems to intelligently manage congestion and other network events. While we always strive to provide the best possible performance by serving traffic from the closest location, our top priority is reliability. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Cloudflare traffic not being sent to the geographically closest data center Due to the way routing on [Cloudflare's Anycast network ↗](https://www.cloudflare.com/learning/cdn/glossary/anycast-network/) works, requests may be sent to data center locations that are not necessarily the closest geographically. We are continuously adding capacity to our global network and enhancing our automated traffic engineering systems to intelligently manage congestion and other network events. While we always strive to provide the best possible performance by serving traffic from the closest location, our top priority is reliability. In instances where performance and reliability are in conflict, our systems are designed to prioritize a stable connection over a local one. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/general-troubleshooting/","name":"General Troubleshooting"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/general-troubleshooting/geographic-traffic-routing/","name":"Cloudflare traffic not being sent to the geographically closest data center"}}]} ``` --- --- title: Not receiving emails from Cloudflare description: This article may help if you are unable to receive transactional emails from Cloudflare. These types of email include: image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Not receiving emails from Cloudflare This article may help if you are unable to receive transactional emails from Cloudflare. These types of email include: * email verification * forgot / reset password * any other type of automated notification generated by the Cloudflare dashboard If you are expecting but not receiving these emails from Cloudflare, review the following. ## Causes * Your email address is incorrect or mistyped in the Cloudflare dashboard * Your email server or mailbox is not working * Your mail server or software is filtering or blocking messages from Cloudflare * Your mail server previously bounced too many messages from Cloudflare, resulting in email delivery no longer being attempted ## Solution 1. Check that your email address is correct in the Cloudflare dashboard Follow the [Change Your Email](https://developers.cloudflare.com/fundamentals/user-profiles/change-password-or-email/#change-email-address) guide to check & correct this. 1. Check and confirm that your email server is running and your mailbox is functional Try sending a test email from another email service to the email address in your Cloudflare profile and check it arrives successfully. If your email domain is also using Cloudflare, you should refer to our [Email issues](https://developers.cloudflare.com/dns/troubleshooting/email-issues/) guide. 1. Make sure that [noreply@notify.cloudflare.com](mailto:noreply@notify.cloudflare.com) is not being blocked or filtered All Cloudflare transactional emails will be sent from [noreply@notify.cloudflare.com](mailto:noreply@notify.cloudflare.com) \- please check your email server / mailbox’s and ensure this address is removed from any blocklists or spam filters. 1. Your inbox previously bounced too many messages from Cloudflare If you email server or mailbox was not working for any period of time, our mail service will stop attempting to send you messages if too many messages bounce. In this scenario, you will need to visit the [Support Portal ↗](https://dash.cloudflare.com/?to=/:account/support) and select the category Account > My Profile > Other. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/general-troubleshooting/","name":"General Troubleshooting"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/general-troubleshooting/not-receiving-cloudflare-emails/","name":"Not receiving emails from Cloudflare"}}]} ``` --- --- title: Potential ISP blocking of Cloudflare IP addresses description: Cloudflare cannot guarantee that your assigned IP addresses are not blocked by any country or Internet service provider (ISP). When Cloudflare proxies your zone, it assigns an IP address to the zone from a shared pool in the Cloudflare network. Cloudflare does not offer dedicated or exclusive IP addresses for users on Free, Pro, or Business plans, nor does Cloudflare rotate assigned IP addresses upon request. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Potential ISP blocking of Cloudflare IP addresses Cloudflare cannot guarantee that your assigned IP addresses are not blocked by any country or Internet service provider (ISP). When Cloudflare proxies your zone, it assigns an IP address to the zone from a shared pool in the Cloudflare network. Cloudflare does not offer dedicated or exclusive IP addresses for users on Free, Pro, or Business plans, nor does Cloudflare rotate assigned IP addresses upon request. When an ISP blocks your website, you should expect that: * This is not due to a misconfiguration of your Cloudflare settings. * You may see a drop in traffic in your [Cloudflare Analytics](https://developers.cloudflare.com/analytics/). * As these actions are taken at the ISP level, Cloudflare does not have the ability to restore Internet connectivity for impacted users. Enterprise users can lease [static IPs](https://developers.cloudflare.com/byoip/concepts/static-ips/) or get their own IPs advertised using [Bring Your Own IP (BYOIP)](https://developers.cloudflare.com/byoip/). For more information, contact the [Cloudflare Sales team ↗](https://www.cloudflare.com/plans/enterprise/contact/). It is important to note that an ISP-level block is distinct from other types of website blocking. For example, website owners may enforce certain restrictions (based upon IP, ASN, country, or other factors such as rate limiting) that will return [1XXX errors](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/) in the HTML body of the response. Website owners configure these blocks, so issues need to be addressed directly with the website owner. For more information on website blocking, refer to the [Web Application Firewall FAQ](https://developers.cloudflare.com/waf/troubleshooting/faq/#why-have-i-been-blocked). For information on individual users being challenged when visiting Cloudflare-protected websites, refer to [Challenges on Cloudflare-protected sites](https://developers.cloudflare.com/cloudflare-challenges/troubleshooting/#challenges-on-cloudflare-protected-sites). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/general-troubleshooting/","name":"General Troubleshooting"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/general-troubleshooting/potential-isp-blocking/","name":"Potential ISP blocking of Cloudflare IP addresses"}}]} ``` --- --- title: Potential disruption of services for Russian users description: Cloudflare has observed that Internet Service Providers (ISPs) within Russia are systematically throttling traffic to websites and services, including those protected by Cloudflare. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Potential disruption of services for Russian users Cloudflare has observed that Internet Service Providers (ISPs) within Russia are systematically throttling traffic to websites and services, including those protected by Cloudflare. This appears to restrict data transfer to approximately 16 KB per connection, which renders most websites, including those of our customers, inaccessible or unusable for visitors from Russia. What to expect with your website: * This is not due to a misconfiguration of your Cloudflare settings. * You will likely see a significant drop in traffic from users in Russia in your Cloudflare Analytics. * Your visitors in Russia may experience connection failures or sites that do not load properly. * As these actions are taken at the ISP level within Russia, we do not have the ability to restore Internet connectivity for Russia-based users. If you are a Cloudflare enterprise customer, contact your account team for further assistance. For further details, refer to the [Russian Internet users are unable to access the open Internet blog post ↗](https://blog.cloudflare.com/russian-internet-users-are-unable-to-access-the-open-internet/). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/general-troubleshooting/","name":"General Troubleshooting"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/general-troubleshooting/service-disruption/","name":"Potential disruption of services for Russian users"}}]} ``` --- --- title: Third-party load balancers description: This guide explains how to troubleshoot common issues when using Cloudflare in front of third-party load balancers. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Third-party load balancers This guide explains how to troubleshoot common issues when using Cloudflare in front of third-party load balancers. --- ## F5 BIG-IP cookie persistence When using Cloudflare as a reverse proxy (orange-clouded) in front of F5 BIG-IP load balancers, you may encounter session affinity issues due to how Cloudflare maintains persistent connections. ### The problem F5 BIG-IP load balancers typically set a session cookie at the beginning of a TCP connection (if none exists) and then ignore all cookies from subsequent HTTP requests on the same TCP connection. This breaks session affinity because Cloudflare sends multiple HTTP sessions on the same TCP connection due to HTTP keep-alive. Symptoms include: * Users being logged out or experiencing authentication flow issues. * Shopping carts showing empty at checkout. * Other session-dependent inconsistencies. #### 1\. Identify F5 session cookies F5 session cookies can have arbitrary names but typically follow a specific format: * Without encryption (trivially decoded to show origin server IP and port): ``` BIGipCookie=16908480.16415.0000;path=/; Httponly; Secure ``` * With encryption: ``` BIGipCookie=TS019a202c=01625f1893a7d6e4b2c1a0f98e7d6c5b4a3f2e1d; path=/; Httponly; Secure ``` #### 2\. Test for the issue You can test for this issue using curl. Run multiple requests and check if the session cookie is set consistently: Terminal window ``` for i in {1..100}; do curl -sI https://example.com; done 2>&1 | grep "" | wc -l ``` If the count is significantly less than 100 when proxied through Cloudflare but equals 100 when connecting directly to the origin, you are experiencing this issue. ### Solution: configure F5 OneConnect profile The recommended solution is to configure an F5 OneConnect profile with a single host (`/32`) mask on your F5 BIG-IP load balancer. #### How OneConnect helps * The client is not fixed to a backend server by a TCP connection * HTTP requests are load balanced individually * Different cookies with different persistence information are honored within the same TCP session * Cookies are set with each HTTP response #### Important considerations 1. Validate that OneConnect is compatible with your version of TMOS (Traffic Management OS). 2. Test this configuration in staging or test Virtual IP (VIP) first, as it changes how the F5 device behaves. 3. The `/32` mask is critical for proper operation with Cloudflare. --- ## Related resources * [Session affinity](https://developers.cloudflare.com/load-balancing/understand-basics/session-affinity/) * [TCP connections and keep-alives](https://developers.cloudflare.com/fundamentals/reference/tcp-connections/) * [F5 K7208: Overview of the OneConnect profile ↗](https://my.f5.com/manage/s/article/K7208) * [F5 K7964: The BIG-IP system may appear to ignore persistence information for Keep-Alive connections ↗](https://my.f5.com/manage/s/article/K7964) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/general-troubleshooting/","name":"General Troubleshooting"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/general-troubleshooting/third-party-load-balancers/","name":"Third-party load balancers"}}]} ``` --- --- title: Troubleshoot crawl errors description: Cloudflare allows search engine crawlers and bots. If you observe crawl issues or Cloudflare challenges presented to the search engine crawler or bot, contact Cloudflare support with the information you gather when troubleshooting the crawl errors via the methods outlined in this guide. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Troubleshoot crawl errors Cloudflare allows search engine crawlers and bots. If you observe crawl issues or Cloudflare challenges presented to the search engine crawler or bot, [contact Cloudflare support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) with the information you gather when troubleshooting the crawl errors via the methods outlined in this guide. --- ## Disable Anti-bot modules Search engine crawlers' requests, when proxied through Cloudflare, can be blocked by anti-bot modules installed on your origin server. Try disabling any anti-bot modules to prevent your origin from blocking these requests. --- ## Adjust Google and Bing crawl rates To optimize CDN performance, Google and Bing assign special crawl rates to websites that use CDN services in order. Special crawl rates do not negatively affect Search Engine Optimization (SEO) and Search Engine Results Pages (SERPs). To change your crawl rates for Bing and Google, follow the guides below: * Change the Google crawl rate by [reviewing Google’s documentation ↗](https://support.google.com/webmasters/answer/48620?hl=en). * Change your Bing crawl rate via guidance from Bing’s documentation: * [Bing Crawl Control ↗](https://www.bing.com/webmasters/help/?topicid=55a30303) * [Crawl Delay and the Bing Crawler ↗](https://blogs.bing.com/webmaster/2009/08/10/crawl-delay-and-the-bing-crawler-msnbot) --- ## Prevent crawl errors Review the following recommendations to prevent crawler errors: * Monitor the performance and availability of your website using a third-party tool: * [StatusCake ↗](http://www.statuscake.com/) * [Pingdom ↗](http://www.pingdom.com/) * [Monitor.Us ↗](http://www.monitor.us/) * [Updown ↗](https://updown.io/) * Do not block Google crawler IP addresses via [custom rules](https://developers.cloudflare.com/waf/custom-rules/) or [IP Access rules](https://developers.cloudflare.com/waf/tools/ip-access-rules/). If you are using [rate limiting rules](https://developers.cloudflare.com/waf/rate-limiting-rules/), make sure they do not apply to the Google crawler. Confirm an IP address belongs to Google by consulting Google’s documentation on [verifying googlebot IP addresses ↗](https://support.google.com/webmasters/bin/answer.py?answer=80553). * Do not block the United States via [custom rules](https://developers.cloudflare.com/waf/custom-rules/) or [IP Access rules](https://developers.cloudflare.com/waf/tools/ip-access-rules/). * Do not block Google User-Agents in your `.htaccess` file, server configuration, [robots.txt ↗](http://support.google.com/webmasters/bin/answer.py?answer=35303), or web application. Google uses a [variety of User-Agents ↗](https://developers.google.com/search/docs/crawling-indexing/overview-google-crawlers) to crawl your website. You can [test your robots.txt via Google ↗](https://support.google.com/webmasters/answer/6062598?hl=en). * Do not allow crawling of files in the `/cdn-cgi/` directory. This path is used internally by Cloudflare and Google encounters errors when crawling it. Disallow crawls of `cdn-cgi` via `robots.txt`: `Disallow: /cdn-cgi/` Note Errors for `cdn-cgi` do not impact site rankings. * Ensure your [robots.txt file allows the AdSense crawler ↗](http://support.google.com/webmasters/bin/answer.py?hl=en&answer=1061943). * [Restore original visitor IP addresses](https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/) in your server logs. --- ## Troubleshoot crawl errors Troubleshooting steps for the most commonly reported crawl errors are mentioned below. ### HTTP 4XX Errors [HTTP 4XX errors](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/) are the most common type of crawl error. Cloudflare delivers these errors from your web server to Google. These errors are caused for various reasons such as a missing page on your web server or a malformed link in your HTML. The solution depends upon the problem encountered. ### HTTP 5XX Errors [HTTP 5XX errors](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/) indicate that either Cloudflare or your origin web server experienced an internal error. To correlate occurrences of crawl errors with site outages, monitor your origin web server's health. Monitoring your website health both through Cloudflare and directly to your origin web server IPs determines whether errors occurred due to Cloudflare or your origin web server. ### DNS Errors Troubleshooting steps vary depending on whether your domain is on Cloudflare via a Full or CNAME setup. To verify which setup your domain uses, open a terminal and execute the following command (replace `www.example.com` with your Cloudflare domain): `dig +short SOA` `www.example.com` For domains on a [Partial (CNAME) setup](https://developers.cloudflare.com/dns/zone-setups/partial-setup/), the result response contains cdn.cloudflare.net. For example: `example.com.cdn.cloudflare.net.` For domains on a [Full setup](https://developers.cloudflare.com/dns/zone-setups/full-setup/), the result response contains the `cloudflare.com` domain in the nameservers listed. For example: `josh.ns.cloudflare.com. dns.cloudflare.com. 2013050901 10000 2400 604800 3600` Once you’ve confirmed how your domain was setup with Cloudflare, proceed with the troubleshooting steps appropriate to your domain setup. **CNAME** Contact your hosting provider to investigate DNS errors and provide the date Google encountered DNS errors. Additionally, review the [Cloudflare System Status ↗](http://www.cloudflare.com/system-status) page for any network outages on the date the errors were encountered by Google. **Full** [Contact Cloudflare support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) and provide the date and time that Google observed the errors. ### Requesting troubleshooting assistance If the above troubleshooting steps do not resolve your crawl errors, follow the steps below to export crawler errors as a `.csv` file from your Google Webmaster Tools Dashboard. Include this `.csv` file when [contacting Cloudflare Support](https://developers.cloudflare.com/support/contacting-cloudflare-support/). 1. Log in to your Google Webmaster Tools account and navigate to the **Health** section of the affected domain. 2. Click **Crawl Errors** in the left hand navigation. 3. Click **Download** to export the list of errors as a `.csv` file. 4. Provide the downloaded `.csv` file to Cloudflare support. --- ## Related resources [Google’s documentation on crawl errors and troubleshooting ↗](https://support.google.com/webmasters/answer/7440203#not%5Ffound%5F404) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/general-troubleshooting/","name":"General Troubleshooting"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/general-troubleshooting/troubleshooting-crawl-errors/","name":"Troubleshoot crawl errors"}}]} ``` --- --- title: 1xx Informational description: The 1xx Informational status codes serve as interim responses that provide connection status updates without completing the request-response cycle. These codes are not intended for final actions but rather to indicate that the request is being processed or additional steps are required. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # 1xx Informational The 1xx Informational status codes serve as interim responses that provide connection status updates without completing the request-response cycle. These codes are not intended for final actions but rather to indicate that the request is being processed or additional steps are required. The requirements the server must follow when sending 1xx Informational status codes in response to a client's request include: * Responses must be terminated by the first empty line following the status line. * 1xx responses are not supported by HTTP/1.0; the origin server should never send a 1xx response to an HTTP/1.0 client. Cloudflare forwards all 1xx responses from origin servers but does not generate them directly. ## 100 Continue The 100 Continue status indicates that the server has received the request headers and is ready for the client to send the request body. For more information, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases Allows clients to verify if the server will accept their request headers before sending a potentially large or unusable request body, optimizing data flow. When a client includes the `Expect: 100-continue` header, it is requesting a confirmation before sending the request body, prompting the server to respond immediately with either `100 Continue` to proceed or an appropriate status code (for example, `401 Unauthorized` or `413 Payload Too Large`) if the request is unacceptable. ### Cloudflare-specific information Cloudflare uses Keep-Alive connections to maintain persistent communication between clients and servers, making the `100 Continue` response typically unnecessary, as Keep-Alive reduces overhead and eliminates the need for intermediate confirmations. ## 101 Switching Protocols The 101 Switching Protocols status code indicates that the origin server accepts the client's request to switch protocols. For more information, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases The 101 Switching Protocols status code indicates that the server has accepted the client's request to change protocols, either by including an `Upgrade` header or through a change in the application protocol on the connection. When the `Upgrade` header is used, the server agrees to switch to a protocol higher on the client's priority list and responds with an `Upgrade` header to specify the new protocol(s). This change is assumed to benefit both the client and the server, with WebSockets being the most common use case. ### Cloudflare-specific information Cloudflare supports WebSocket connections, which often involve the 101 Switching Protocols status code. The protocol switch allows clients to establish a WebSocket connection for real-time, bidirectional communication. For information about Cloudflare's Websockets, refer to [Cloudflare Now Supports Websockets ↗](https://blog.cloudflare.com/cloudflare-now-supports-websockets/). ## 102 Processing 102 Processing status code indicates that the server has received the request and is currently processing it, but the final response is not yet ready. This status code is only applicable to HTTP/1.1 and higher. For more information, refer to [RFC 2518 ↗](https://tools.ietf.org/html/rfc2518). ### Common use cases The 102 Processing status code is commonly used in scenarios requiring long-running operations, such as complex database transactions or large file processing. It helps maintain the connection during extended processing times, typically exceeding 20 seconds, ensuring efficient communication between the client and server throughout the operation. ### Cloudflare-specific information If Cloudflare receives a 102 Processing response, it expects a final response within 120 seconds. Failure to receive this response results in an [Error 522: Connection Timed Out](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-522/). However, sending interim 102 Processing responses can help prevent [Error 524: A timeout occurred](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-524/), ensuring that the connection remains active while the server processes the request. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/1xx-informational/","name":"1xx Informational"}}]} ``` --- --- title: 2xx Success description: 2xx status codes indicate success, meaning that the client's request was received, understood, and accepted by the server. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # 2xx Success 2xx status codes indicate success, meaning that the client's request was received, understood, and accepted by the server. ## 200 OK A 200 response indicates that the request has succeeded. ### Common use cases A 200 response is commonly used in the following scenarios: * GET requests: Returns requested resources such as webpages, images, or API data, along with relevant headers. * HEAD requests: Retrieves only headers corresponding to the requested resource, such as metadata. For example, file size or last modified date. * POST requests: Confirms successful processing of submitted data, such as form submissions, often with details about the result in the response body. A 200 response should ideally include a payload but is not required. Occasionally, an origin server may return a 200 response with zero content length. However, following RFC standards, a 204 response is recommended in such cases (except for the CONNECT method). ### Cloudflare-specific information By default, 200 responses are cacheable by proxy servers and browsers. If specific [cache controls](https://developers.cloudflare.com/cache/concepts/customize-cache/) are not defined, [static resources](https://developers.cloudflare.com/cache/concepts/default-cache-behavior/) with a 200 response are cached for two hours at Cloudflare's edge. ## 201 Created A 201 response indicates the successful creation of one or more new resources. The server typically includes the location of the newly created resource in either the `Location` header or the request URI. ### Common use cases Creating a new resource in response to a POST request. For example, creating a new user, article, or record. ### Cloudflare-specific information Cloudflare forwards 201 responses without modification. For further information, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231#section-7.2) for more details about validator headers, like **ETag** and **Last-Modified** in a 201 response. ## 203 Non-authoritative information A 203 response indicates that the request was successful, but the response did not come directly from the origin server. The response was instead delivered by a proxy or intermediate server. ### Common use cases Servers use this response to tell a client that the resource was cached by a proxy server. ### Cloudflare-specific information Cloudflare does not cache 203 responses. For details about how Cloudflare handles 203 responses, refer to [Cloudflare HTTP headers](https://developers.cloudflare.com/fundamentals/reference/http-headers/). ## 204 No content A 204 response indicates that the request was successfully processed, but there is no content to return in the response. ### Common use cases This response is often used by servers to indicate that a document editor's save action to the origin server was completed successfully. ### Cloudflare-specific information 204 responses never contain payloads, as specified by the HTTP standard, and Cloudflare does not cache these responses. ## 205 Reset content A 205 response tells the client to return to its previous state after a request. ### Common use cases This response occurs after a user submits a form or other data and they want to tell the client to refresh the page or allow a new submission. ### Cloudflare-specific information 205 responses must not contain any payloads and Cloudflare does not cache these responses. ## 206 Partial content A 206 response means that the request was partially successful, often used for serving large files in smaller chunks. ### Common use cases This response is often used to decrease latency when clients are processing larger files that might require split or interrupted downloads. For instance, for streaming video or serving file ranges for progressive loading. A 206 response includes either: * Partial payload that contains a `Content-Range` header specifying the requested range and the data provided in the response. * Multipart payload that omits the `Content-Range` header at the top level but includes `Content-Type` and `Content-Range` headers for each part of the multipart response body. For more details, refer to [Section 4.1 of RFC 7233 ↗](https://tools.ietf.org/html/rfc7233#page-10). ### Cloudflare-specific information Cloudflare handles 206 responses for range requests, but [caching behavior](https://developers.cloudflare.com/cache/concepts/default-cache-behavior/) may vary depending on the file type and origin settings. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/2xx-success/","name":"2xx Success"}}]} ``` --- --- title: 3xx Redirection description: 3xx codes are a class of responses which indicate that the HTTP client must take another course of action to obtain the complete requested resource. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # 3xx Redirection 3xx codes are a class of responses which indicate that the HTTP client must take another course of action to obtain the complete requested resource. The redirect location should be specified in one of the following ways: * In the `Location` header field of the response, which is useful for automatic redirection. * In the payload of the response, optionally including a hyperlink to the correct location. ## 300 Multiple Choices The 300 Multiple Choices status indicates that multiple options are available for the requested resource, and the client may select one. For more information, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases The status is typically used when a resource is available in multiple representations or formats. For instance: * Offering multiple versions of a video in different formats (for example, MP4, AVI). * Providing a list of files with different [extensions ↗](https://en.wikipedia.org/wiki/File%5Fextensions) or compression types. * Presenting [word sense disambiguation ↗](https://en.wikipedia.org/wiki/Word%5Fsense%5Fdisambiguation) options for a term with multiple meanings. The response may include a `Location` header pointing to a preferred option or provide a payload with hyperlinks to the available choices, allowing the client to decide. ### Cloudflare-specific information Cloudflare generally bypasses the 300 Multiple Choices response for automated redirections to ensure optimal performance and user experience. ## 301 Moved Permanently The 301 Moved Permanently status indicates that the requested resource has been assigned a new permanent URI. All future references to this resource should use one of the enclosed URIs. For more information, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases This status is commonly used to inform clients that: * A resource has been permanently relocated to a new URI. * Search engines should update their indexes to reflect the new URI. * Bookmarks or other saved references should be updated. The response typically includes a `Location` header specifying the new URI. This enables automatic redirection by most User-Agents. ### Cloudflare-specific information Cloudflare can generate 301 Moved Permanently responses without needing to query the origin server. For more information, refer to [Redirect Rules](https://developers.cloudflare.com/rules/url-forwarding/). ## 302 Found The 302 Found status, also referred to as a temporary redirect, indicates that the requested resource is temporarily located at a different URI. Unlike a 301 Moved Permanently status, which denotes a permanent relocation, the 302 Found status is specifically intended for temporary use. While the User-Agent may follow the `Location` header to retrieve the resource, it should not replace the current URI as it would for a 301 Moved Permanently. For more information, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases This status is typically used to: * Temporarily redirect traffic during maintenance or upgrades. * Direct users to an alternate resource without altering saved references. * A/B test different versions of a resource without making permanent changes. ### Cloudflare-specific information Cloudflare can generate these responses, eliminating the need to send a request to the origin serve. Learn more about how Cloudflare can help generate redirects with [Redirect Rules](https://developers.cloudflare.com/rules/url-forwarding/). ## 303 See Other (since HTTP/1.1) The 303 See Other status indicates that the client should retrieve the resource at a different URI using a `GET` request. Unlike a 301 Moved Permanently redirect, the resource at the redirect location is not necessarily equivalent to the originally requested resource. For more information, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases The 303 status is typically used in response to a `POST` or `DELETE` request to indicate that the origin server has successfully processed the data and to support proper caching behavior. Although the initial 303 response is not cacheable, the response to the subsequent `GET` request can be cached, as it is tied to a distinct URI. ### Cloudflare-specific information Cloudflare allows for the configuration of 303 redirects through [Redirect Rules](https://developers.cloudflare.com/rules/url-forwarding/), enabling seamless handling of these responses directly at the edge. This approach improves performance by avoiding unnecessary requests to the origin server. ## 304 Not Modified The 304 Not Modified status indicates that the requested resource is available and valid in the client's cache. This means that the origin server has not modified the resource since the client's last request, allowing the client to use the cached resource without connecting to the origin server again. Requirements for caches receiving a 304 response are defined in [Section 4.3.4 of RFC 7234 ↗](https://tools.ietf.org/html/rfc7234#section-4.3.4). For more information, refer to [RFC 7232 ↗](https://tools.ietf.org/html/rfc7232). ### Common use cases A 304 Not Modified response is used when the client sends a conditional `GET` or `HEAD` request to validate a cached resource. The server confirms that the cached version is still up to date, allowing the client to use it without re-downloading the resource. This helps reduce unnecessary data transmission and improves efficiency. A 304 response contains: * No message body: The 304 response itself does not include the actual resource (like an image or webpage content). Instead, it just confirms that the cached version is valid. * Required headers: The response includes important metadata (such as `Cache-Control`, `Content-Location`, `Date`, `ETag`, `Expires`, or `Vary`) that tells the client how to manage the cached resource. These headers are the same ones that would accompany the resource if it were sent with a 200 OK response. ### Cloudflare-specific information When a stale request must be revalidated at the origin, Cloudflare sends a 304 response to confirm that the cached version matches the origin version. The response includes the `CF-Cache-Status: REVALIDATED` header, and Cloudflare validates the version using the `If-Modified-Since` header. For more information, refer to [ETag Headers](https://developers.cloudflare.com/cache/reference/etag-headers/). ## 305 Use Proxy (deprecated) This status code indicates that the request must be routed through the proxy specified in the `Location` header instead of being sent directly to the origin server. However, due to security concerns, the 305 Use Proxy status code has been deprecated. ## 306 Switch Proxy (deprecated) This status code indicates that subsequent requests should be sent through the specified proxy. However, the 306 Switch Proxy status code is deprecated and is no longer in use. ## 307 Temporary Redirect The 307 Temporary Redirect status indicates that a requested resource has been temporarily moved to a different URI, as specified in the `Location` header. Unlike a 302 redirect, the original request method (for example, `GET` or `POST`) must remain unchanged when the redirect is followed automatically. This ensures that temporary changes to a resource's location do not disrupt the intended behavior of the request. User agents may automatically follow the redirect using the `Location` header, but should not replace the original URI for future requests. For more information, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases The 307 status is useful for temporarily relocating resources during server maintenance or upgrades while ensuring the original request method is preserved. It is also commonly used to direct traffic to temporary URLs for promotions, campaigns, or special events without altering the original URI for future requests. ### Cloudflare-specific information Cloudflare can handle 307 Temporary Redirect responses efficiently, enabling temporary redirects without requiring changes at the origin server. This can be configured using [Redirect Rules](https://developers.cloudflare.com/rules/url-forwarding/). ## 308 Permanent Redirect The 308 Permanent Redirect status indicates that the requested resource has been permanently moved to a new URI, as specified in the `Location` header. Unlike a 301 redirect, the original request method (for example, `GET`, `POST`) must remain unchanged when automatically following the redirect. User agents should follow the redirect using the `Location` header and replace the original URI with the new one for subsequent requests. For more information, refer to [RFC 7538 ↗](https://tools.ietf.org/html/rfc7538#section-3). ### Common use cases The 308 Permanent Redirect status is commonly used for permanent resource relocation, API version upgrades, domain or path migrations, and maintaining method integrity in redirects. Additionally, it helps with SEO by transferring link equity to the new URI. ### Cloudflare-specific information Cloudflare can handle 308 Permanent Redirects efficiently, ensuring redirection while maintaining request integrity. These redirects can be configured using [Redirect Rules](https://developers.cloudflare.com/rules/url-forwarding/). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/3xx-redirection/","name":"3xx Redirection"}}]} ``` --- --- title: 4xx Client Error description: 4xx codes are error responses that indicate an issue on the client's end, potentially due to a network problem. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # 4xx Client Error `4xx` codes are error responses that indicate an issue on the client's end, potentially due to a network problem. * `4xx` codes can be used as a response to any request method. * The origin server should include an explanation, which should be displayed by the User-Agent, except in the case of a `HEAD` request. * [Custom rules](https://developers.cloudflare.com/waf/custom-rules/) can return any response code in the range of `400–499` on your HTML page if the site owner has created a rule with the _Block_ action and configured a custom response code. For more details, refer to [custom response](https://developers.cloudflare.com/waf/custom-rules/create-dashboard/#configure-a-custom-response-for-blocked-requests). ## Log Explorer [Log Explorer](https://developers.cloudflare.com/log-explorer/) provides access to Cloudflare logs with all the context available within the Cloudflare platform. You can monitor security and performance issues with custom dashboards or investigate and troubleshoot issues with log search. Log explorer [allows to build queries](https://developers.cloudflare.com/log-explorer/log-search/) filtering for specific [Ray ID](https://developers.cloudflare.com/fundamentals/reference/cloudflare-ray-id/), which can be useful to investigate HTTP Errors. ## 400 Bad Request For a complete description of this error refer to the [Error 400](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-400/) page. ## 401 Unauthorized For a complete description of this error refer to the [Error 401](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-401/) page. ## 402 Payment Required The `402 Payment Required` status code is reserved for future use and is not yet implemented according to the standards outlined in [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ## 403 Forbidden For a complete description of this error refer to the [Error 403](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-403/) page. ## 404 Not Found For a complete description of this error refer to the [Error 404](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-404/) page. ## 405 Method Not Allowed For a complete description of this error refer to the [Error 405](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-405/) page. ## 406 Not Acceptable For a complete description of this error refer to the [Error 406](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-406/) page. ## 407 Authentication Required For a complete description of this error refer to the [Error 407](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-407/) page. ## 408 Request Timeout For a complete description of this error refer to the [Error 408](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-408/) page. ## 409 Conflict For a complete description of this error refer to the [Error 409](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-409/) page. ## 410 Gone For a complete description of this error refer to the [Error 410](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-410/) page. ## 411 Length Required For a complete description of this error refer to the [Error 411](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-411/) page. ## 412 Precondition Failed For a complete description of this error refer to the [Error 412](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-412/) page. ## 413 Payload Too Large For a complete description of this error refer to the [Error 413](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-413/) page. ## 414 URI Too Long For a complete description of this error refer to the [Error 414](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-414/) page. ## 415 Unsupported Media Type For a complete description of this error refer to the [Error 415](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-415/) page. ## 416 Range Not Satisfiable For a complete description of this error refer to the [Error 416](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-416/) page. ## 417 Expectation Failed For a complete description of this error refer to the [Error 417](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-417/) page. ## 429 Too Many Requests For a complete description of this error refer to the [Error 429](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-429/) page. ## 451 Unavailable For Legal Reason For a complete description of this error refer to the [Error 451](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-451/) page. ## 499 Client Close Request For a complete description of this error refer to the [Error 499](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/error-499/) page. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}}]} ``` --- --- title: Error 400 description: This error indicates that the client sent a request to the server that could not be understood or processed due to issues with the request itself. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 400 ## 400 Bad Request This error indicates that the client sent a request to the server that could not be understood or processed due to issues with the request itself. For more information, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases A `400 Bad Request` error occurs due to client-side issues, such as malformed request syntax, invalid request content, message framing problems, or deceptive request routing. For example: * If the request contains a special character that is not properly [URL Encoded (or percent-encoded) ↗](https://en.wikipedia.org/wiki/Percent-encoding), an `HTTP Error 400` will be returned. * If the request contains both `Content Length` and `Transfer Encoding` chunked, these two framing methods contradict each other. `Content Length` declares a fixed size body, while chunked encoding declares a streamed body with no known size. [RFC 7230 section 3.3.3 ↗](https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3) states that when `Transfer Encoding` is present, the `Content Length` header must be ignored and a request that includes both is considered malformed. This creates ambiguity in body framing and can enable request smuggling if different systems parse the boundary differently. Cloudflare follows the RFC and an `HTTP Error 400` will be returned. ### Cloudflare-specific information If you encounter an HTTP error while using the [Cloudflare API](https://developers.cloudflare.com/api/), make sure that you are using the correct syntax, parameters, and body for your API call. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-400/","name":"Error 400"}}]} ``` --- --- title: Error 401 description: This error indicates that the request was not sent with the proper authentication credentials. The server requires authentication to process the request. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 401 ## 401 Unauthorized This error indicates that the request was not sent with the proper authentication credentials. The server requires authentication to process the request. For more details, refer to [RFC 7235 ↗](https://tools.ietf.org/html/rfc7235). ### Common use cases A `401 Unauthorized` error occurs when the client fails to provide valid authentication credentials. The server responds with at least one challenge in the form of a `WWW-Authenticate` header field, as outlined in [section 4.1 ↗](https://datatracker.ietf.org/doc/html/rfc7235#section-4.1). If the client resends the request with the same credentials and the challenge remains unchanged, the server may return an entity to assist the client in identifying the correct credentials needed. ### Cloudflare-specific information When encountering a `401` error while using the Cloudflare API, ensure that you are providing the correct authentication credentials (for example, [API tokens](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/) or [keys](https://developers.cloudflare.com/fundamentals/api/get-started/ca-keys/)). Double-check that the credentials are active and properly formatted. If the error persists, refer to the `WWW-Authenticate` header in the response for guidance on resolving the issue. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-401/","name":"Error 401"}}]} ``` --- --- title: Error 403 description: The 403 Forbidden status code indicates that the client's request was understood by the server but cannot be fulfilled due to insufficient permissions to access the requested resource. For more details, refer to RFC 7231. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 403 ## 403 Forbidden The `403 Forbidden` status code indicates that the client's request was understood by the server but cannot be fulfilled due to insufficient permissions to access the requested resource. For more details, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases If you encounter a `403` error without the Cloudflare branding, this means that the error is being returned directly by the origin web server, not Cloudflare. This is typically related to permission rules set on your server. Common reasons for this error are: * Permission rules configured on the origin web server (for example, in an Apache `.htaccess` file). * Mod\_security rules. * IP deny rules, such as blocking traffic from certain IP ranges. Make sure that [Cloudflare's IP ranges ↗](https://www.cloudflare.com/ips) are not being blocked. ### Cloudflare-specific information Cloudflare may serve `403` responses in the following scenarios: * **WAF rules**: The request violated a default WAF managed rule (enabled for all orange-clouded Cloudflare domains) or a custom WAF managed rule specific to your zone. For more information, refer to [WAF Managed Rules](https://developers.cloudflare.com/waf/managed-rules/). * **Security features**: A `403` response with Cloudflare branding in the response body may be triggered by: * [WAF Custom or Managed Rules](https://developers.cloudflare.com/waf/) with the challenge or block action. * [Security Level](https://developers.cloudflare.com/waf/tools/security-level/) settings, which default to Medium. * [DDoS Protection](https://developers.cloudflare.com/ddos-protection/), which is enabled by default on zones onboarded to Cloudflare, IP applications onboarded to Spectrum, and IP Prefixes onboarded to Magic Transit. * Most [1xxx Cloudflare error codes](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/). * The [Browser Integrity Check](https://developers.cloudflare.com/waf/tools/browser-integrity-check/). * [Validation Checks](https://developers.cloudflare.com/waf/tools/validation-checks/). Cloudflare may also serve an unstyled `403` error page in specific cases. These errors are not logged because they occur early in Cloudflare's infrastructure, before domain configuration is loaded. An example is: * [SNI ↗](https://www.cloudflare.com/learning/ssl/what-is-sni/): A `403` error is returned when the client sends a host that does not match the SNI (Server Name Indication). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-403/","name":"Error 403"}}]} ``` --- --- title: Error 404 description: The 404 Not Found status code indicates that the origin server was unable to locate the requested resource. Typically, this means the host server could not find the resource. For a more permanent version of this error, the 410 Gone status code should be used. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 404 ## 404 Not Found The `404 Not Found` status code indicates that the origin server was unable to locate the requested resource. Typically, this means the host server could not find the resource. For a more permanent version of this error, the 410 Gone status code should be used. For more details, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases These errors typically occur when someone mistypes a URL on your site, when there is a broken link from another page, when a page that previously existed is moved or removed, or there is an error when a search engine indexes your site. These errors typically account for approximately 3% of total page views for a typical site. However, they often go untracked by traditional analytics platforms, such as Google Analytics. To improve user experience, website owners usually implement a custom 404 page to be displayed when this error is generated. ### Cloudflare-specific information Cloudflare does not generate `404s` for customer websites, we only proxy the request from the origin server. If you encounter a `404` error on a Cloudflare-powered site, the issue lies with the origin server. In such cases, contact your hosting provider for assistance. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-404/","name":"Error 404"}}]} ``` --- --- title: Error 405 description: The 405 Method Not Allowed status code indicates that the origin server recognizes the requested resource but does not support the HTTP method used in the request. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 405 ## 405 Method Not Allowed The 405 Method Not Allowed status code indicates that the origin server recognizes the requested resource but does not support the HTTP method used in the request. For more details, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases This error typically occurs when the client uses an unsupported HTTP method to interact with a specific resource. The origin server must include an `Allow` header in the response, which lists the HTTP methods supported for that resource. For example, attempting a `POST` request on a resource that is unchangeable and only supports `GET` requests will result in a `405` error. ### Cloudflare-specific information Cloudflare does not directly generate `405` errors. These errors are returned by the origin server when it does not allow the HTTP method used in the request. If you encounter a `405` error, review the configuration of your origin server to ensure the correct methods are enabled for the resource in question. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-405/","name":"Error 405"}}]} ``` --- --- title: Error 406 description: The 406 Not Acceptable status code indicates that the requested resource is not available in a format that adheres to the content negotiation headers specified by the client (for example, Accept-Charset or Accept-Language). image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 406 ## 406 Not Acceptable The `406 Not Acceptable` status code indicates that the requested resource is not available in a format that adheres to the content negotiation headers specified by the client (for example, `Accept-Charset` or `Accept-Language`). For more details, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases For example, if a client requests content in a specific language or character set that the server does not support, this error will be generated. To avoid returning a `406` error, the server can instead serve the less preferred method to the client's User-Agent, rather than rejecting the request. ### Cloudflare-specific information Cloudflare does not generate `406` errors directly but can proxy these responses from the origin server. If content negotiation issues occur, they are typically related to configurations at the origin server, such as language or character set settings. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-406/","name":"Error 406"}}]} ``` --- --- title: Error 407 description: The 407 Proxy Authentication Required status code indicates that the client did not provide the necessary authentication credentials to access the requested resource through a proxy server. For more details, refer to RFC 7235. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 407 ## 407 Authentication Required The `407 Proxy Authentication Required` status code indicates that the client did not provide the necessary authentication credentials to access the requested resource through a proxy server. For more details, refer to [RFC 7235 ↗](https://tools.ietf.org/html/rfc7235). ### Common use cases This error typically occurs in environments where a proxy server is used as an intermediary between the client and the target server. To resolve this, the client must include the appropriate `Proxy-Authorization` header in the request with valid credentials. ### Cloudflare-specific information Cloudflare does not generate `407` errors but proxies them from the origin server or an upstream proxy. If a `407` error occurs on a Cloudflare-powered site, review the origin server's proxy configuration to ensure authentication requirements are properly set, and verify that the client is providing the required credentials. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-407/","name":"Error 407"}}]} ``` --- --- title: Error 408 description: The 408 Request Timeout status code indicates that the origin server did not receive the complete request within a reasonable time frame and does not wish to continue waiting for the connection. This response is not commonly used, as servers often prefer to use the "close" connection option to terminate idle connections image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 408 ## 408 Request Timeout The `408 Request Timeout` status code indicates that the origin server did not receive the complete request within a reasonable time frame and does not wish to continue waiting for the connection. This response is not commonly used, as servers often prefer to use the "close" connection option to terminate idle connections For more details, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases This error typically occurs when a client fails to send a complete request within the server's timeout period. Common scenarios include slow network connections, server overload or client-side delays to complete the request. ### Cloudflare-specific information If a `408` error occurs on a Cloudflare-powered site, it is most often being proxied from the origin. In these cases, it is essential to review the origin server's timeout settings and ensure that the server is not overloaded. Additionally, verify that the client's Internet connection is stable and that the request is being sent promptly. Cloudflare may return a `408` error response if public client requests to our network exceed certain internally-defined timeouts. These timeouts are configured as a protective measure and cannot be changed. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-408/","name":"Error 408"}}]} ``` --- --- title: Error 409 description: The 409 Conflict status code indicates that the request could not be completed due to a conflict with the current state of the target resource. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 409 ## 409 Conflict The `409 Conflict` status code indicates that the request could not be completed due to a conflict with the current state of the target resource. For more details, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases This error typically happens with a `PUT` request when multiple clients are attempting to edit the same resource. To solve this issue: * The server should generate a payload that includes enough information for the client to recognize the source of the conflict. * Clients should retry the request again after resolving the conflict. ### Cloudflare-specific information Cloudflare will return a 409 response for a [Error 1001: DNS Resolution Error](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1001/). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-409/","name":"Error 409"}}]} ``` --- --- title: Error 410 description: When a resource is intentionally and permanently removed, servers use the 410 Gone status code to inform clients that the resource is no longer available. In this case: image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 410 ## 410 Gone When a resource is intentionally and permanently removed, servers use the `410 Gone` status code to inform clients that the resource is no longer available. In this case: * The server suggests that links referencing the resource should be removed. * The server is not obligated to use this status code instead of a `404` response, nor is it required to maintain this response for any specific period of time. For more details, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases This status is commonly applied to deprecated content, such as outdated pages or discontinued products. ### Cloudflare-specific information Cloudflare does not generate `410` for customer websites, we only proxy the request from the origin server. If you encounter a `410` error on a Cloudflare-powered site, the issue lies with the origin server. In such cases, contact your hosting provider for assistance. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-410/","name":"Error 410"}}]} ``` --- --- title: Error 411 description: The 411 Length Required status code indicates that the client did not specify the Content-Length of the request body in the headers, and this information is required to obtain the resource. The client may resend the request after adding the required header field. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 411 ## 411 Length Required The `411 Length Required` status code indicates that the client did not specify the `Content-Length` of the request body in the headers, and this information is required to obtain the resource. The client may resend the request after adding the required header field. For more details, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases This status code can occur in various scenarios, such as when a client sends an API request without the required `Content-Length` header, when uploading a file where the server needs the header to allocate resources, or when proxies or legacy systems enforce strict HTTP compliance. In each case, the server or intermediary requires the `Content-Length` header to process the request properly. ### Cloudflare-specific information Cloudflare does not generate `411` for customer websites, we only proxy the request from the origin server. If you encounter a `411` error on a Cloudflare-powered site, the issue lies with the origin server. In such cases, contact your hosting provider for assistance. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-411/","name":"Error 411"}}]} ``` --- --- title: Error 412 description: The 412 Precondition Failed status code indicates that the server denies the request because the resource does not meet the conditions specified by the client. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 412 ## 412 Precondition Failed The `412 Precondition Failed` status code indicates that the server denies the request because the resource does not meet the conditions specified by the client. For more details, refer to [RFC 7232 ↗](https://tools.ietf.org/html/rfc7232). ### Common use cases One common use case for the `412 Precondition Failed` status code is version control. For example, a client modifying an existing resource may set the `If-Unmodified-Since` header to ensure the resource has not been changed since the client downloaded it for editing. If another client edits the resource after the specified date but before the original client uploads their changes, the server will return a `412` response to prevent overwriting the newer updates. ### Cloudflare-specific information Cloudflare may serve this response: for more information please refer to [ETag Headers](https://developers.cloudflare.com/cache/reference/etag-headers/). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-412/","name":"Error 412"}}]} ``` --- --- title: Error 413 description: The 413 Payload Too Large status code indicates that the server refuses to process the request because the payload sent by the client exceeds the server's acceptable size limit. The server may optionally close the connection. If this refusal would only happen temporarily, then the server should send a Retry-After header to specify when the client should try the request again. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 413 ## 413 Payload Too Large The `413 Payload Too Large` status code indicates that the server refuses to process the request because the payload sent by the client exceeds the server's acceptable size limit. The server may optionally close the connection. If this refusal would only happen temporarily, then the server should send a `Retry-After` header to specify when the client should try the request again. For more details, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases The `413 Payload Too Large` status code often occurs when clients attempt to upload large files, such as videos or images, or send oversized request bodies, like JSON or XML payloads, that exceed the server's size limits. This can also happen during file transfers or API requests involving large datasets, prompting the server to reject the request. ### Cloudflare-specific information The upload limit for the Cloudflare API depends on your plan. If you exceed this limit, your API call will receive a `413 Request Entity Too Large` error. | Free | Pro | Business | Enterprise | | | --------------- | ------ | -------- | ---------- | ------- | | Availability | Yes | Yes | Yes | Yes | | Max upload size | 100 MB | 100 MB | 200 MB | 500+ MB | Keep in mind, customers can reduce the **Maximum Upload Size** from the zone's **Network** page which can cause a `413`. If you require a larger upload, break up requests into smaller chunks, change your DNS record to [DNS-only](https://developers.cloudflare.com/dns/proxy-status/#dns-only-records), or [upgrade your plan](https://developers.cloudflare.com/billing/change-plan/). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-413/","name":"Error 413"}}]} ``` --- --- title: Error 414 description: The 414 URI Too Long status code indicates that the server refuses to process the request because the URI provided by the client is excessively long. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 414 ## 414 URI Too Long The `414 URI Too Long` status code indicates that the server refuses to process the request because the URI provided by the client is excessively long. For more details, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases For example, if a client is attempting a `GET` request with an unusually long URI, such as one containing an excessive number of query parameters, after a `POST`, this could be seen as a security risk and a `414` is generated. ### Cloudflare-specific information Cloudflare will generate a `414` response if the URI length exceeds 32KB. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-414/","name":"Error 414"}}]} ``` --- --- title: Error 415 description: The 415 Unsupported Media Type status code indicates that the server refuses to process the request because the format of the payload is not supported. One way to identify and fix this issue would be to look at the Content-Type or Content-Encoding headers sent in the client's request. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 415 ## 415 Unsupported Media Type The `415 Unsupported Media Type` status code indicates that the server refuses to process the request because the format of the payload is not supported. One way to identify and fix this issue would be to look at the `Content-Type` or `Content-Encoding` headers sent in the client's request. For more details, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases This may be triggered by submitting a file type or format that the server is not configured to handle, such as uploading an unsupported image or document format, may also trigger this error. ### Cloudflare-specific information Cloudflare typically passes this response from the origin server if it encounters an unsupported media type in the client's request payload. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-415/","name":"Error 415"}}]} ``` --- --- title: Error 416 description: The 416 Range Not Satisfiable status code indicates that the server cannot fulfill the requested range specified in the Range header of the client's request. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 416 ## 416 Range Not Satisfiable The `416 Range Not Satisfiable` status code indicates that the server cannot fulfill the requested range specified in the `Range` header of the client's request. For more details, refer to [RFC 7233 ↗](https://datatracker.ietf.org/doc/html/rfc7233). ### Common use cases This error can happen when a client requests a byte range outside the bounds of the resource, such as a range exceeding the file's total size. It can also happen if the server does not support partial content delivery or if there is a conflict between the requested range and the server's understanding of the resource, often caused by an outdated or invalid cache. ### Cloudflare-specific information Cloudflare typically serves this response when the origin server rejects a `Range` header request for a resource. This often occurs if the requested range exceeds the size of the file, as indicated in the `Content-Range` header. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-416/","name":"Error 416"}}]} ``` --- --- title: Error 417 description: The 417 Expectation Failed status code indicates that the server could not meet the requirements specified in the Expect header of the client's request. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 417 ## 417 Expectation Failed The `417 Expectation Failed` status code indicates that the server could not meet the requirements specified in the `Expect` header of the client's request. For more details, refer to [RFC 7231 ↗](https://tools.ietf.org/html/rfc7231). ### Common use cases Some clients use the `Expect` header, such as `Expect: 100-continue`, to verify if the server is ready to receive a large payload, and if the server cannot fulfill this expectation, it returns a 417 response. Similarly, a server may reject a request with this error if the client includes an `Expect` header with unsupported or invalid values. ### Cloudflare-specific information Cloudflare typically forwards this response from the origin server if it encounters an issue related to unsupported or unfulfilled `Expect` headers in the client's request. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-417/","name":"Error 417"}}]} ``` --- --- title: Error 429 description: The 429 Too Many Requests status code indicates that the client has sent too many requests in a specified amount of time, as determined by the server's rate-limiting rules. The server may include a Retry-After header in the response to specify when the client can try again. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 429 ## 429 Too Many Requests The `429 Too Many Requests` status code indicates that the client has sent too many requests in a specified amount of time, as determined by the server's rate-limiting rules. The server may include a `Retry-After` header in the response to specify when the client can try again. For more details, refer to [RFC 6585 ↗](https://tools.ietf.org/html/rfc6585). ### Common use cases Servers use this status code to prevent excessive API requests from overloading the system. For example, a client making repeated API calls within a short time frame may trigger a 429 response. Websites or services may impose rate limits to manage traffic spikes or prevent abuse, temporarily blocking excessive requests from users. ### Cloudflare-specific information #### Cloudflare API limits | Type | Limit | | --------------------------------- | ----------------------------------- | | Client API per user/account token | 1200/5 minutes | | Client API per IP | 200/second | | GraphQL | Varies by query cost. Max 320/5 min | | User API token quota | 50 | | Account API token quota | 500 | Note The global rate limit for the Cloudflare API is 1,200 requests per five minute period per user, and applies cumulatively regardless of whether the request is made via the dashboard, API key, or API token. If you exceed this limit, all API calls for the next five minutes will be blocked, receiving a `HTTP 429 - Too Many Requests` response. Some specific API calls have their own limits and are documented separately, such as the following: * [Cache Purge APIs](https://developers.cloudflare.com/cache/how-to/purge-cache/#availability-and-limits) * [GraphQL APIs](https://developers.cloudflare.com/analytics/graphql-api/limits/) * [Rulesets APIs](https://developers.cloudflare.com/ruleset-engine/rulesets-api/#limits) * [Lists API](https://developers.cloudflare.com/waf/tools/lists/lists-api/#rate-limiting-for-lists-api-requests) * [Gateway Lists API](https://developers.cloudflare.com/cloudflare-one/reusable-components/lists/#api-rate-limit) Enterprise customers can also [contact Cloudflare Support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) to raise the Client API per user, GraphQL, or API token limits to a higher value. #### R2 managed public buckets Cloudflare applies rate limiting to requests for R2 managed public buckets accessed via `r2.dev`. This helps protect customers from abuse and overuse of public buckets. For details, refer to [Rate limiting on managed public buckets through r2.dev](https://developers.cloudflare.com/r2/platform/limits/#rate-limiting-on-managed-public-buckets-through-r2dev). #### Website end users Cloudflare will generate a `429` response when a request is being [rate limited ↗](https://www.cloudflare.com/rate-limiting/). If visitors to your site encounter this error, it will be visible in the [Rate Limiting Analytics](https://developers.cloudflare.com/waf/reference/legacy/old-rate-limiting/#analytics) dashboard. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-429/","name":"Error 429"}}]} ``` --- --- title: Error 451 description: The 451 status code indicates that the server cannot deliver the requested resource due to legal actions or restrictions. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 451 ## 451 Unavailable For Legal Reason The `451` status code indicates that the server cannot deliver the requested resource due to legal actions or restrictions. For more details, refer to [RFC 7725 ↗](https://tools.ietf.org/html/rfc7725). ### Common use cases This occurs when access to a resource is blocked due to court orders, copyright claims, or other legal demands. Typically search engines (for example, Google) and ISP (for example, ATT) are the ones affected by this response code, rather than the origin server itself. The server should include an explanation in the response body, detailing the legal demand or reason for the restriction. ### Cloudflare-specific information Cloudflare may pass through a `451` response from the origin server if the requested resource is legally restricted. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-451/","name":"Error 451"}}]} ``` --- --- title: Error 499 description: The HTTP 499 response code typically occurs when a client terminates the connection before the server is able to respond. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 499 ## 499 Client Close Request The `HTTP 499` response code typically occurs when a client terminates the connection before the server is able to respond. ### Common use cases Examples of `499` response code include situations where a client times out and closes the connection before the server completes processing, such as during large file uploads or long-running requests. They can also occur due to issues in the TCP three-way handshake, where the client terminates the connection prematurely because of its timeout settings. ### Cloudflare-specific information The `499 Client Closed Request` status code is specific to nginx and indicates that the client closed the connection while the server was still processing the request, preventing the server from sending a status code in response. This status code appears in [Cloudflare Logs](https://developers.cloudflare.com/logs/) and status code analytics for Enterprise customers. Note Since Cloudflare is built on nginx, the 499 HTTP code is also logged in Cloudflare Logs and analytics for connections terminated by clients before Cloudflare has finished processing the request. It is expected to occasionally see these entries in your logs as clients close connections. To provide more context, a TCP connection must be established between Cloudflare and the website's origin server before any higher protocol (such as HTTP) begins communication. TCP uses a three-way handshake to establish connection: * **SYN**: Cloudflare sends a SYN packet to the origin server. * **SYN+ACK**: The origin server responds with a SYN+ACK packet. * **ACK**: Cloudflare sends an ACK packet back to the origin server. At this point, the connection is established, and both Cloudflare and the origin server can communicate. However, if the origin server does not send a SYN+ACK back to Cloudflare within 19 seconds, Cloudflare retries once more, with another 15-second timeout. Depending on the client-side timeout settings, the following scenarios can occur: * **Shorter client timeout (less than 38 seconds)**: If the client has a shorter timeout, it will abandon the connection before Cloudflare completes processing, and a `499` response code will be logged. * **Successful connection (more than 38 seconds)**: If the client has a longer timeout and the TCP connection is successfully established, the HTTP transaction proceeds normally, and Cloudflare returns a standard status code (`HTTP 200`). * **Handshake failure**: If the client has a longer timeout but Cloudflare cannot establish the TCP handshake with the origin server, Cloudflare will return an `HTTP 522` status code. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/","name":"4xx Client Error"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/4xx-client-error/error-499/","name":"Error 499"}}]} ``` --- --- title: Cloudflare 10xxx errors description: When working with Cloudflare Lists or Bulk Redirects, you may encounter 10xxx error codes. These errors typically point to misconfigurations or unsupported values in your request, such as duplicate list entries, malformed URLs, or incompatible redirect settings. This guide provides detailed explanations and resolutions for each error to help you troubleshoot and resolve issues. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Cloudflare 10xxx errors When working with Cloudflare Lists or Bulk Redirects, you may encounter 10xxx error codes. These errors typically point to misconfigurations or unsupported values in your request, such as duplicate list entries, malformed URLs, or incompatible redirect settings. This guide provides detailed explanations and resolutions for each error to help you troubleshoot and resolve issues. ## Error 10028: The add list items operation contains duplicate items For a complete description of this error refer to the [Error 10028](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10028/) page. ## Error 10043: Source URL in redirect is too long For a complete description of this error refer to the [Error 10043](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10043/) page. ## Error 10044: Target URL in redirect is too long For a complete description of this error refer to the [Error 10044](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10044/) page. ## Error 10045: Invalid redirect source URL For a complete description of this error refer to the [Error 10045](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10045/) page. ## Error 10046: Invalid redirect target URL For a complete description of this error refer to the [Error 10046](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10046/) page. ## Error 10047: Invalid redirect status code For a complete description of this error refer to the [Error 10047](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10047/) page. ## Error 10048: Preserve path suffix requires subpath matching enabled For a complete description of this error refer to the [Error 10048](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10048/) page. ## Error 10049: Invalid scheme in redirect source URL For a complete description of this error refer to the [Error 10049](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10049/) page. ## Error 10050: Invalid redirect source URL with user info For a complete description of this error refer to the [Error 10050](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10050/) page. ## Error 10051: Missing authority in redirect source URL For a complete description of this error refer to the [Error 10051](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10051/) page. ## Error 10052: Invalid redirect source URL with port For a complete description of this error refer to the [Error 10052](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10052/) page. ## Error 10053: Invalid redirect source URL with query string For a complete description of this error refer to the [Error 10053](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10053/) page. ## Error 10054: Invalid redirect source URL with fragment For a complete description of this error refer to the [Error 10054](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10054/) page. ## Error 10055: Query string settings incompatible with redirect target URL For a complete description of this error refer to the [Error 10055](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10055/) page. ## Error 10056: The add list items operation contains different types of list items For a complete description of this error refer to the [Error 10056](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10056/) page. ## Error 10058: List items incompatible with list type For a complete description of this error refer to the [Error 10058](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10058/) page. ## Error 10059: Maximum number of repeated URL source paths exceeded For a complete description of this error refer to the [Error 10059](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10059/) page. ## Error 10060: Missing scheme in redirect target URL For a complete description of this error refer to the [Error 10060](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10060/) page. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}}]} ``` --- --- title: Error 10028 description: This error indicates that the operation to add items to a list contains duplicate entries within the same request. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10028 ## Error 10028: The add list items operation contains duplicate items This error indicates that the operation to add items to a list contains duplicate entries within the same request. ### Common causes This error occurs when there are duplicate list items in a single operation to add items to a List (either an IP list or a Bulk Redirect List). This error can happen when you: * Add a repeated IP address to an IP list * Add a repeated source URL to a Bulk Redirect List ### Resolution You need to remove the duplicate item and try again. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10028/","name":"Error 10028"}}]} ``` --- --- title: Error 10043 description: This error indicates that the source URL in a redirect exceeds the maximum allowed length. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10043 ## Error 10043: Source URL in redirect is too long This error indicates that the source URL in a redirect exceeds the maximum allowed length. ### Common causes This error occurs when the source URL value of a URL redirect is too long. The maximum length of a source URL is 32,768 characters. Possible causes of this error are: * Dynamic URLs that contain excessive query parameters or tracking codes. * Unnecessary path segments or redundant subdirectories in the URL. ### Resolution You need to use a shorter URL as the source URL. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10043/","name":"Error 10043"}}]} ``` --- --- title: Error 10044 description: This error indicates that the target URL in a redirect exceeds the maximum allowed length. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10044 ## Error 10044: Target URL in redirect is too long This error indicates that the target URL in a redirect exceeds the maximum allowed length. ### Common causes This error occurs when the target URL value of a URL redirect is too long. The maximum length of a target URL is 32,768 characters. Possible causes of this error are: * Dynamic URLs that contain excessive query parameters or tracking codes. * Unnecessary path segments or redundant subdirectories in the URL. ### Resolution You need to use a shorter URL as the target URL. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10044/","name":"Error 10044"}}]} ``` --- --- title: Error 10045 description: This error indicates that the source URL for a redirect is not valid. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10045 ## Error 10045: Invalid redirect source URL This error indicates that the source URL for a redirect is not valid. ### Common causes This error occurs when the source URL provided for a URL redirect is not valid, preventing the redirect from functioning properly due to missing components, such as the scheme (for instance, `http` or `https`) or improper formatting. ### Resolution You need to specify a valid URL as the source URL. Refer to [Supported URL components in Bulk Redirects](https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/reference/url-components/) for details on the supported URL components for redirect source URLs. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10045/","name":"Error 10045"}}]} ``` --- --- title: Error 10046 description: This error indicates that the target URL provided for a URL redirect is not valid. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10046 ## Error 10046: Invalid redirect target URL This error indicates that the target URL provided for a URL redirect is not valid. ### Common causes This error occurs when the target URL provided for a URL redirect is not valid, preventing the redirect from functioning properly due to missing components, such as the scheme (for instance, `http` or `https`) or improper formatting. ### Resolution You need to specify a valid URL as the target URL. Refer to [Supported URL components in Bulk Redirects](https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/reference/url-components/) for details on the supported URL components for redirect target URLs. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10046/","name":"Error 10046"}}]} ``` --- --- title: Error 10047 description: This error indicates that an unsupported or incorrectly formatted status code was specified for the URL redirect. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10047 ## Error 10047: Invalid redirect status code This error indicates that an unsupported or incorrectly formatted status code was specified for the URL redirect. ### Common causes This error occurs when you specify a URL redirect status code that is not supported, typically due to entering an invalid number or using an unsupported or deprecated status code. ### Resolution Use one of the supported status codes in the URL redirect: `301`, `302`, `307`, or `308`. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10047/","name":"Error 10047"}}]} ``` --- --- title: Error 10048 description: This error indicates a configuration mismatch where the Preserve path suffix option is used without enabling Subpath matching in a URL redirect. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10048 ## Error 10048: Preserve path suffix requires subpath matching enabled This error indicates a configuration mismatch where the **Preserve path suffix** option is used without enabling **Subpath matching** in a URL redirect. ### Common causes This error occurs when you enable the **Preserve path suffix** option in a redirect without enabling the **Subpath matching** option. The **Preserve path suffix** option of a URL redirect is only applicable when the **Subpath matching** option is also enabled. ### Resolution Enable **Subpath matching** for the URL redirect with **Preserve path suffix** enabled. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10048/","name":"Error 10048"}}]} ``` --- --- title: Error 10049 description: This error indicates that the source URL's scheme is invalid. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10049 ## Error 10049: Invalid scheme in redirect source URL This error indicates that the source URL's scheme is invalid. ### Common causes This error occurs when the source URL of a URL redirect has an invalid scheme, which may be due to a misspelled or unsupported scheme or because the scheme is missing or improperly formatted. ### Resolution Review the source URL and ensure that it uses one of the supported schemes: `http`, `https`, or empty (no scheme information, which means that it applies to both schemes). Refer to [Supported URL components in Bulk Redirects](https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/reference/url-components/) for details on the supported URL components for redirect source URLs. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10049/","name":"Error 10049"}}]} ``` --- --- title: Error 10050 description: This error indicates that the source URL includes unsupported user information. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10050 ## Error 10050: Invalid redirect source URL with user info This error indicates that the source URL includes unsupported user information. ### Common causes This error occurs when the source URL of a URL redirect includes a user info component (for example, `https://user:password@example.com`), which is not supported. ### Resolution You need to remove the user information component from the redirect source URL. Refer to [Supported URL components in Bulk Redirects](https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/reference/url-components/) for details on the supported URL components for redirect source URLs. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10050/","name":"Error 10050"}}]} ``` --- --- title: Error 10051 description: This error indicates that the source URL is missing a required authority component. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10051 ## Error 10051: Missing authority in redirect source URL This error indicates that the source URL is missing a required authority component. ### Common causes This error occurs when the source URL of a URL redirect does not include an authority component (for example, `http:///path`, without a hostname), which is mandatory. ### Resolution Add an authority component to the redirect source URL (for example, include a hostname). Refer to [Supported URL components in Bulk Redirects](https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/reference/url-components/) for details on the required URL components for redirect source URLs. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10051/","name":"Error 10051"}}]} ``` --- --- title: Error 10052 description: This error indicates that the source URL includes an unsupported port. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10052 ## Error 10052: Invalid redirect source URL with port This error indicates that the source URL includes an unsupported port. ### Common causes This error occurs when the source URL of a URL redirect includes a port (for example, `https://example.com:8081`), which is not supported. Possible causes include using a custom or non-standard port, copying a URL from another environment that includes a port, or mistakenly using a development or testing URL. ### Resolution Remove the port from the redirect source URL. Refer to [Supported URL components in Bulk Redirects](https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/reference/url-components/) for details on the supported URL components for redirect source URLs. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10052/","name":"Error 10052"}}]} ``` --- --- title: Error 10053 description: This error indicates that the source URL contains an unsupported query string component. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10053 ## Error 10053: Invalid redirect source URL with query string This error indicates that the source URL contains an unsupported query string component. ### Common causes This error occurs when the source URL of a URL redirect includes a query string component, which is not supported. Possible causes include copying a URL with query parameters, misconfiguration during setup, or attempting to redirect based on query parameters instead of the path. ### Resolution Remove the query string from the redirect source URL. Refer to [Supported URL components in Bulk Redirects](https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/reference/url-components/) for details on the supported URL components for redirect source URLs. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10053/","name":"Error 10053"}}]} ``` --- --- title: Error 10054 description: This error indicates that the source URL includes an unsupported fragment component. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10054 ## Error 10054: Invalid redirect source URL with fragment This error indicates that the source URL includes an unsupported fragment component. ### Common causes This error occurs when the source URL of a URL redirect includes a fragment component (for example, `https://example.com/search/#fragment`). Fragment components are not part of an HTTP request; they are an indication for the browser to scroll to a specific location once the page has loaded. Possible causes of this error include copying a URL with a fragment from a browser or external source, or inadvertently adding a fragment during URL configuration or editing. ### Resolution Remove the fragment from the redirect source URL. Refer to [Supported URL components in Bulk Redirects](https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/reference/url-components/) for details on the supported URL components for redirect source URLs. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10054/","name":"Error 10054"}}]} ``` --- --- title: Error 10055 description: This error indicates a conflict between the Preserve query string option and the query string in the redirect target URL. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10055 ## Error 10055: Query string settings incompatible with redirect target URL This error indicates a conflict between the **Preserve query string** option and the query string in the redirect target URL. ### Common causes This error occurs when you enable the **Preserve query string** option of a URL redirect, but also provide a query string in the redirect target URL. In this case, the URL redirect would have conflicting configuration on how to handle the query string of incoming requests. ### Resolution To resolve this issue, either disable the **Preserve query string** option in the URL redirect or remove the query string component from the redirect target URL to eliminate the conflict. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10055/","name":"Error 10055"}}]} ``` --- --- title: Error 10056 description: This error indicates that different types of list items were combined in a single add operation. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10056 ## Error 10056: The add list items operation contains different types of list items This error indicates that different types of list items were combined in a single add operation. ### Common causes This error occurs when different types of list items (such as IP addresses, hostnames, and URL redirects) are included in a single operation to add items to a list. It can occur with an IP list, a hostname list, or a Bulk Redirect List. ### Resolution Remove the list items that do not apply to the list type. This means: * Removing IP addresses from a request to add items to a Bulk Redirect List. * Removing URL redirects from a request to add items to an IP list. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10056/","name":"Error 10056"}}]} ``` --- --- title: Error 10058 description: This error indicates that incompatible items were added to the wrong list type. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10058 ## Error 10058: List items incompatible with list type This error indicates that incompatible items were added to the wrong list type. ### Common causes This error occurs when you are adding items to a list (either IP list, hostname list, or Bulk Redirect List) and the list items are incompatible with the list type. ### Resolution Make sure you are adding the items to the correct list: * Custom lists with IP addresses (IP lists) can only contain IP addresses as list items. * Custom lists with hostnames can only contain hostnames as list items. * Bulk Redirect Lists can only contain URL redirects as list items. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10058/","name":"Error 10058"}}]} ``` --- --- title: Error 10059 description: This error indicates that the same URL path is repeated too many times across your Bulk Redirect Lists. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10059 ## Error 10059: Maximum number of repeated URL source paths exceeded This error indicates that the same URL path is repeated too many times across your Bulk Redirect Lists. ### Common causes This error occurs when you have more than the maximum number of URL redirects with the same source URL path across all Bulk Redirect Lists in your account, regardless of the URL redirect domain. Possible causes include multiple lists containing the same redirects, overlapping configurations, or mismanagement resulting in duplicated source URL paths. ### Resolution Review the path of your source URLs so that you do not have more than the maximum number of URL redirects sharing the same URL path in your account, regardless of their domain or the list they belong to. Refer to [URL redirect parameters](https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/reference/parameters/) for more information on the current limits. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10059/","name":"Error 10059"}}]} ``` --- --- title: Error 10060 description: This error indicates that the target URL is missing a scheme. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 10060 ## Error 10060: Missing scheme in redirect target URL This error indicates that the target URL is missing a scheme. ### Common causes This error occurs when the target URL of a URL redirect does not include a scheme, which is mandatory. This could have happened due to a typo or the URL was copied from a source that did not include the scheme. ### Resolution Review the target URL of the URL redirect and ensure that it contains a scheme (for example, `https`). Refer to [Supported URL components in Bulk Redirects](https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/reference/url-components/) for details on the required URL components for redirect target URLs. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/","name":"Cloudflare 10xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-10xxx-errors/error-10060/","name":"Error 10060"}}]} ``` --- --- title: Cloudflare 1xxx errors description: The errors covered in this document may occur when accessing a website proxied by Cloudflare. For issues related to the Cloudflare API or dashboard, refer to our Cloudflare API documentation. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Cloudflare 1xxx errors The errors covered in this document may occur when accessing a website proxied by Cloudflare. For issues related to the Cloudflare API or dashboard, refer to our [Cloudflare API documentation](https://developers.cloudflare.com/api/). HTTP errors such as `409`, `530`, `403`, and `429` are returned in the HTTP status header of a response, while 1XXX errors appear in the HTML body of the response. Customize error pages Refer to [Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) for instructions on customizing the default error pages discussed in this article. ### Support and assistance If the suggested resolutions for each error do not resolve the issue, contact [Cloudflare Support](https://developers.cloudflare.com/support/contacting-cloudflare-support/). * Only the website owner can contact Cloudflare for technical support. You can find a domain's contact details via the [Whoisdatabase ↗](https://lookup.icann.org/). * Pro, Business and Enterprise plan users have access to email support. * Business and Enterprise users can also access chat support. * For additional support options, refer to the [Cloudflare plans ↗](https://www.cloudflare.com/plans/). ## Error 1000: DNS points to prohibited IP For a complete description of this error refer to the [Error 1000](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1000/) page. ## Error 1001: DNS resolution error For a complete description of this error refer to the [Error 1001](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1001/) page. ## Error 1002: DNS points to Prohibited IP For a complete description of this error refer to the [Error 1002: DNS points to Prohibited IP](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1002/#error-1002-dns-points-to-prohibited-ip) page. ## Error 1002: Restricted For a complete description of this error refer to the [Error 1002: Restricted](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1002/#error-1002-restricted) page. ## Error 1003 Access Denied: Direct IP Access Not Allowed For a complete description of this error refer to the [Error 1003](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1003/) page. ## Error 1004: Host Not Configured to Serve Web Traffic For a complete description of this error refer to the [Error 1004](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1004/) page. ## Errors 1005 Access Denied: Autonomous System Number (ASN) banned For a complete description of this error refer to the [Error 1005](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1005/) page. ## Errors 1006, 1007, 1008 or 1106 Access Denied: Your IP address has been banned For a complete description of this error refer to the [Error 1006, 1007, 1008 or 1106](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1006/) page. ## Errors 1009 Access Denied: Country or region banned For a complete description of this error refer to the [Error 1009](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1009/) page. ## Error 1010: The owner of this website has banned your access based on your browser's signature For a complete description of this error refer to the [Error 1010](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1010/) page. ## Error 1011: Access Denied (Hotlinking Denied) For a complete description of this error refer to the [Error 1011](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1011/) page. ## Error 1012: Access Denied For a complete description of this error refer to the [Error 1012](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1012/) page. ## Error 1013: HTTP hostname and TLS SNI hostname mismatch For a complete description of this error refer to the [Error 1013](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1013/) page. ## Error 1014: CNAME Cross-User Banned For a complete description of this error refer to the [Error 1014](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1014/) page. ## Error 1015: You are being rate limited For a complete description of this error refer to the [Error 1015](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1015/) page. ## Error 1016: Origin DNS error For a complete description of this error refer to the [Error 1016](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1016/) page. ## Error 1018: Could not find host For a complete description of this error refer to the [Error 1018](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1018/) page. ## Error 1019: Compute server error For a complete description of this error refer to the [Error 1019](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1019/) page. ## Error 1020: Access denied For a complete description of this error refer to the [Error 1020](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1020/) page. ## Error 1023: Could not find host For a complete description of this error refer to the [Error 1023](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1023/) page. ## Error 1025: Please check back later For a complete description of this error refer to the [Error 1025](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1025/) page. ## Error 1033: Argo Tunnel error For a complete description of this error refer to the [Error 1033](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1033/) page. ## Error 1034: Edge IP Restricted For a complete description of this error refer to the [Error 1034](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1034/) page. ## Error 1035: Invalid request rewrite (invalid URI path) For a complete description of this error refer to the [Error 1035](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1035/) page. ## Error 1036: Invalid request rewrite (maximum length exceeded) For a complete description of this error refer to the [Error 1036](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1036/) page. ## Error 1037: Invalid rewrite rule (failed to evaluate expression) For a complete description of this error refer to the [Error 1037](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1037/) page. ## Error 1040: Invalid request rewrite (header modification not allowed) For a complete description of this error refer to the [Error 1040](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1040/) page. ## Error 1041: Invalid request rewrite (invalid header value) For a complete description of this error refer to the [Error 1041](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1041/) page. ## Error 1101: Rendering error For a complete description of this error refer to the [Error 1101](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1101/) page. ## Error 1102: Rendering error For a complete description of this error refer to the [Error 1102](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1102/) page. ## Error 1104: A variation of this email address is already taken in our system. Only one variation is allowed. For a complete description of this error refer to the [Error 1104](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1104/) page. ## Error 1200: Cache connection limit For a complete description of this error refer to the [Error 1200](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1200/) page. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}}]} ``` --- --- title: Error 1000 description: This error indicates that a Cloudflare DNS record points to a prohibited IP, blocking access to the requested domain. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1000 ## Error 1000: DNS points to prohibited IP This error indicates that a Cloudflare DNS record points to a prohibited IP, blocking access to the requested domain. ### Common causes Cloudflare halted the request for one of the following reasons: * An A record within your Cloudflare DNS app points to a [Cloudflare IP address ↗](https://www.cloudflare.com/ips/), or a Load Balancer Origin points to a proxied record. * Your Cloudflare DNS A or CNAME record references another reverse proxy (such as an nginx web server that uses the proxy\_pass function) that then proxies the request to Cloudflare a second time. * The request `X-Forwarded-For` header is longer than 100 characters. * The request includes two `X-Forwarded-For` headers. * The request includes a `CF-Connecting-IP` header. * A Server Name Indication (SNI) issue or mismatch at the origin. ### Resolution * If an A record within your Cloudflare DNS app points to a [Cloudflare IP address ↗](https://www.cloudflare.com/ips/), update the IP address to your origin web server IP address. Reach out to your hosting provider if you need help obtaining the origin IP address. * There is a reverse-proxy at your origin that sends the request back through the Cloudflare proxy. Instead of using a reverse-proxy, contact your hosting provider or site administrator to configure an HTTP redirect at your origin. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1000/","name":"Error 1000"}}]} ``` --- --- title: Error 1001 description: This error indicates a DNS resolution failure preventing access to the requested domain. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1001 ## Error 1001: DNS resolution error This error indicates a DNS resolution failure preventing access to the requested domain. ### Common causes * A web request was sent to a Cloudflare IP address for a non-existent Cloudflare domain. * An external domain that is not on using Cloudflare has a CNAME record to a domain active on Cloudflare * The target of the DNS CNAME record does not resolve. * A CNAME record in your Cloudflare DNS app requires resolution via a DNS provider that is currently offline. * [Always Online](https://developers.cloudflare.com/cache/how-to/always-online/) is enabled for a [Custom Hostname (Cloudflare for SaaS)](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/) domain. ### Resolution A non-Cloudflare domain cannot CNAME to a Cloudflare domain, unless the non-Cloudflare domain is added to a Cloudflare account. Attempting to directly access DNS records used for [Cloudflare CNAME setups](https://developers.cloudflare.com/dns/zone-setups/partial-setup) also causes error 1001\. For example, `www.example.com.cdn.cloudflare.net`. Disable [Always Online](https://developers.cloudflare.com/cache/how-to/always-online/#enable-always-online), if using [Custom Hostname (Cloudflare for SaaS)](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/) domain. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1001/","name":"Error 1001"}}]} ``` --- --- title: Error 1002 description: This error indicates that a Cloudflare DNS record points to a prohibited IP, preventing proper domain resolution. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1002 ## Error 1002: DNS points to Prohibited IP This error indicates that a Cloudflare DNS record points to a prohibited IP, preventing proper domain resolution. ### Common causes * A DNS record in your Cloudflare DNS app points to one of [Cloudflare's IP addresses ↗](https://www.cloudflare.com/ips/). * An incorrect target is specified for a CNAME record in your Cloudflare DNS app. * Your domain is not on Cloudflare but has a CNAME that refers to a Cloudflare domain. ### Resolution Update your Cloudflare A or CNAME record to point to your origin IP address instead of a Cloudflare IP address: 1. Contact your hosting provider to confirm your origin IP address or CNAME record target. 2. In the Cloudflare dashboard, go to the **Records** page. [ Go to **Records** ](https://dash.cloudflare.com/?to=/:account/:zone/dns/records) 3. Select the domain that generates error 1002. 4. Select the **DNS** app. 5. Select **Value** for the A record to update. 6. Update the A record. To ensure your origin web server does not proxy its own requests through Cloudflare, configure your origin webserver to resolve your Cloudflare domain to: * The internal NAT'd IP address, or * The public IP address of the origin web server. ## Error 1002: Restricted This error indicates that the domain resolves to a restricted or disallowed IP address. ### Common cause The Cloudflare domain resolves to a local or disallowed IP address or an IP address not associated with the domain. ### Resolution If you own the website: 1. Confirm your origin web server IP addresses with your hosting provider, 2. Log in to your Cloudflare account, and 3. Update the A records in the Cloudflare DNS app to the IP address confirmed by your hosting provider. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1002/","name":"Error 1002"}}]} ``` --- --- title: Error 1003 description: This error indicates that direct access to a Cloudflare IP address is not allowed. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1003 ## Error 1003 Access Denied: Direct IP Access Not Allowed This error indicates that direct access to a Cloudflare IP address is not allowed. ### Common cause A client or browser directly accesses a [Cloudflare IP address ↗](https://www.cloudflare.com/ips). ### Resolution Browse to the website domain name in your URL instead of the Cloudflare IP address. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1003/","name":"Error 1003"}}]} ``` --- --- title: Error 1004 description: This error indicates that the host is not configured to serve web traffic. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1004 ## Error 1004: Host Not Configured to Serve Web Traffic This error indicates that the host is not configured to serve web traffic. ### Common causes * Cloudflare staff disabled proxying for the domain due to abuse or terms of service violations. * DNS changes have not yet propagated or the site owner's DNS A records point to [Cloudflare IP addresses ↗](https://www.cloudflare.com/ips). ### Resolution If the issue persists beyond five minutes, [contact Cloudflare Support](https://developers.cloudflare.com/support/contacting-cloudflare-support/). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1004/","name":"Error 1004"}}]} ``` --- --- title: Error 1005 description: This error indicates that access to the website is denied due to the banning of the Autonomous System Number (ASN). image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1005 ## Errors 1005 Access Denied: Autonomous System Number (ASN) banned This error indicates that access to the website is denied due to the banning of the Autonomous System Number (ASN). ### Common causes The owner of the website (for example, `example.com`) has banned the autonomous system number (ASN) from accessing the website. ### Resolution If you are not the website owner, provide the website owner with a screenshot of the 1005 error message you received. If you are the website owner: 1. Retrieve a screenshot of the `1005` error from your customer 2. Search the [**Security Events log**](https://developers.cloudflare.com/waf/analytics/security-events/) (available at **Security** \> **Events**) for the [**Ray ID**](https://developers.cloudflare.com/fundamentals/reference/cloudflare-ray-id/), or client IP Address from the visitor's 1005 error message. Note Convert the UTC timestamp of the `1005` error to your local timezone when searching in the **Security Events log**. 1. Assess the cause of the block and ensure the ASN is allowed under the [IP Access Rules](https://developers.cloudflare.com/waf/tools/ip-access-rules/) security feature. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1005/","name":"Error 1005"}}]} ``` --- --- title: Error 1006, 1007, 1008 or 1106 description: This error indicates that access is denied because your IP address has been banned. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1006, 1007, 1008 or 1106 ## Errors 1006, 1007, 1008 or 1106 Access Denied: Your IP address has been banned This error indicates that access is denied because your IP address has been banned. ### Common causes A Cloudflare customer blocked traffic from your client or browser. Note Error 1006 also occurs in the Cloudflare **Workers** app under the **Preview** tab when a customer uses **[Zone Lockdown](https://developers.cloudflare.com/waf/tools/zone-lockdown/)** or any other Cloudflare security feature to block the Google Cloud Platform IPs that the **Preview** tab relies upon. ### Resolution Request the website owner to investigate their Cloudflare security settings or allow your client IP address. Since the website owner blocked your request, Cloudflare support cannot override a customer's security settings. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1006/","name":"Error 1006, 1007, 1008 or 1106"}}]} ``` --- --- title: Error 1009 description: This error indicates that access to the website is denied from your country or region. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1009 ## Errors 1009 Access Denied: Country or region banned This error indicates that access to the website is denied from your country or region. ### Common causes The owner of the website (for example, `example.com`) has banned the country or region your IP address from accessing the website. ### Resolution * If you are a site visitor, contact the site owner and ask them to allow your IP address. * If you are the site owner, ensure that the reported IP address is allowed under the [IP Access rules](https://developers.cloudflare.com/waf/tools/ip-access-rules/) security feature. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1009/","name":"Error 1009"}}]} ``` --- --- title: Error 1010 description: This error indicates that access to the website is denied based on your browser's signature. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1010 ## Error 1010: The owner of this website has banned your access based on your browser's signature This error indicates that access to the website is denied based on your browser's signature. ### Common cause A website owner blocked your request based on your client's web browser. ### Resolution Notify the website owner of the blocking. If you cannot determine how to contact the website owner, lookup contact information for the domain via the [Whois database ↗](https://lookup.icann.org/). Site owners can [turn off Browser Integrity Check](https://developers.cloudflare.com/waf/tools/browser-integrity-check/#disable-browser-integrity-check) in the Security **Settings** page. Note Since the website owner performed the blocking, Cloudflare support cannot override a customer's security settings. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1010/","name":"Error 1010"}}]} ``` --- --- title: Error 1011 description: This error indicates that access to the resource is denied due to hotlinking protection. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1011 ## Error 1011: Access Denied (Hotlinking Denied) This error indicates that access to the resource is denied due to hotlinking protection. ### Common cause A request is made for a resource that uses [Cloudflare hotlink protection](https://developers.cloudflare.com/waf/tools/scrape-shield/hotlink-protection/). ### Resolution Notify the website owner of the blocking. If you cannot determine how to contact the website owner, lookup contact information for the domain via the [Whois database ↗](https://lookup.icann.org/). Note Since the website owner performed the blocking, Cloudflare support cannot override a customer's security settings. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1011/","name":"Error 1011"}}]} ``` --- --- title: Error 1012 description: This error indicates that access to the website is denied. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1012 ## Error 1012: Access Denied This error indicates that access to the website is denied. ### Common cause A website owner forbids access based on malicious activity detected from the visitor's computer or network (ip\_address). The most likely cause is a virus or malware infection on the visitor's computer. ### Resolution Update your antivirus software and run a full system scan. Cloudflare can not override the security settings the site owner has set for the domain. To request website access, contact the site owner to allow your IP address. If you cannot determine how to contact the website owner, lookup contact information for the domain via the [Whois database ↗](https://lookup.icann.org/). Note Since the website owner performed the blocking, Cloudflare support cannot override a customer's security settings. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1012/","name":"Error 1012"}}]} ``` --- --- title: Error 1013 description: This error indicates a mismatch between the HTTP hostname and the TLS SNI hostname. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1013 ## Error 1013: HTTP hostname and TLS SNI hostname mismatch This error indicates a mismatch between the HTTP hostname and the TLS SNI hostname. ### Common cause The hostname sent by the client or browser via Server Name Indication (SNI) does not match the request host header. ### Resolution Error `1013` is commonly caused by the following: * Your local browser setting the incorrect SNI host header, or * A network proxying SSL traffic caused a mismatch between SNI and the Host header of the request. Test for an SNI mismatch via an online tool, such as [SSL Shopper ↗](https://www.sslshopper.com/ssl-checker.html). Provide Cloudflare Support the following information: * A [HAR file](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/) captured while duplicating the error. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1013/","name":"Error 1013"}}]} ``` --- --- title: Error 1014 description: This error indicates that a CNAME record between domains in different Cloudflare accounts is prohibited. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1014 ## Error 1014: CNAME Cross-User Banned This error indicates that a CNAME record between domains in different Cloudflare accounts is prohibited. ### Common cause By default, Cloudflare prohibits a DNS CNAME record between domains in different Cloudflare accounts. CNAME records are permitted within a domain (`www.example.com` CNAME to `api.example.com`) and across zones within the same user account (`www.example.com` CNAME to `www.example.net`) or using our [Cloudflare for SaaS ↗](https://www.cloudflare.com/saas/) solution. Another common cause is connecting a custom domain to an R2 bucket, where the domain is an active zone with the [zone hold](https://developers.cloudflare.com/fundamentals/account/account-security/zone-holds/) feature enabled or if the zone is banned. ### Resolution * To allow CNAME record resolution to a domain in a different Cloudflare account, the domain owner of the CNAME target must use [Cloudflare for SaaS](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/). * To allow connecting to a R2 bucket with a custom domain, disable the [zone hold](https://developers.cloudflare.com/fundamentals/account/account-security/zone-holds/) feature on the custom domain target zone to resolve the 1014 error. * To allow connections to an R2 bucket whose zone is banned: * First, check whether there is any [phishing report](https://developers.cloudflare.com/fundamentals/reference/report-abuse/complaint-types/) for the hostname (and request a review if there is one). * Second, make sure that you have no unpaid invoice(s), as you will not be able to enable any new services until [any outstanding balance](https://developers.cloudflare.com/billing/pay-invoices-overdue-balances/) is addressed. If this does not resolve the issue, contact your account team. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1014/","name":"Error 1014"}}]} ``` --- --- title: Error 1015 description: This error indicates that you are being rate limited by the website. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1015 ## Error 1015: You are being rate limited This error indicates that you are being rate limited by the website. ### Common cause The site owner implemented [rate limiting](https://developers.cloudflare.com/waf/rate-limiting-rules/) that affects your visitor traffic. Note _Unable to purge_ is another `1015` error code relating to [Cloudflare cache purge](https://developers.cloudflare.com/cache/how-to/purge-cache). Retry the cache purge and contact [Cloudflare support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) if errors persist. ### Resolution * If you are a site visitor, contact the site owner to request exclusion of your IP from rate limiting. * If you are the site owner, review the current rate limiting thresholds and adjust your configuration. * If a rate limiting rule is blocking requests in a short time period (for example, one second) try increasing the time period to 10 seconds. Note If you expect a new Cloudflare Worker to exceed rate limits, refer to the [Workers documentation](https://developers.cloudflare.com/workers/platform/limits/) for guidance. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1015/","name":"Error 1015"}}]} ``` --- --- title: Error 1016 description: This error indicates that Cloudflare cannot resolve the origin web server's IP address. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1016 ## Error 1016: Origin DNS error This error indicates that Cloudflare cannot resolve the origin web server's IP address. ### Common cause Common causes for error `1016` are: * A missing DNS A record that mentions origin IP address. * A CNAME record in the Cloudflare DNS points to an unresolvable external domain. * The origin hostnames (CNAMEs) in your Cloudflare [Load Balancer](https://developers.cloudflare.com/load-balancing/) default, region, and fallback pools are unresolvable. Use a fallback pool configured with an origin IP as a backup in case all other pools are unavailable. * When creating a Spectrum app with a CNAME origin, you need first to create a CNAME on the Cloudflare DNS side that points to the origin. Please see [Spectrum CNAME origins](https://developers.cloudflare.com/spectrum/get-started/#create-a-spectrum-application-using-a-cname-record) for more details. * There is no DNS record for the hostname in the target [Partial (CNAME) setup zone](https://developers.cloudflare.com/dns/zone-setups/partial-setup/) of a Workers subrequest ([Fetch API](https://developers.cloudflare.com/workers/runtime-apis/fetch/)). ### Resolution To resolve error `1016`: 1. Verify your Cloudflare DNS settings include an A record that points to a valid IP address that resolves via a [DNS lookup tool ↗](https://dnschecker.org/). 2. For a CNAME record pointing to a different domain, ensure that the target domain resolves via a [DNS lookup tool ↗](https://dnschecker.org/). 3. For a Workers subrequest to a Partial (CNAME) setup zone, ensure that the hostname exists on the Cloudflare zone (and not only at the authoritative DNS). ## Error 1016 in the context of SSL for SaaS Cloudflare returns a `1016` error when the [custom hostname](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/domain-support/create-custom-hostnames/) cannot be routed or proxied. ### Common cause * Custom hostname ownership validation is not complete. * Fallback origin is not [correctly set](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/#1-create-fallback-origin). * A wildcard custom hostname has been created, but the requested hostname is associated with a domain that exists in Cloudflare as a standalone zone. * There is no DNS record for the hostname in the Cloudflare for SaaS target zone. ### Resolution 1. To check validation status, run an API call to [search for a certificate by hostname](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/start/common-api-calls/) and check the verification error field: `"verification_errors": ["custom hostname does not CNAME to this zone."]`. The error will be resolved once the status is `active`. 2. Confirm that you have created a DNS record for the [fallback origin](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/) and also set the fallback origin. 3. The [hostname priority](https://developers.cloudflare.com/ssl/reference/certificate-and-hostname-priority/#hostname-priority) for the standalone zone will take precedence over the wildcard custom hostname. This behavior applies even if there is no DNS record for this standalone zone hostname. Use a specific hostname instead of a wildcard or [remove the standalone zone from Cloudflare](https://developers.cloudflare.com/fundamentals/manage-domains/remove-domain/). 4. Make sure that each hostname that needs to be served by the Cloudflare for SaaS parent zone has been added as an individual custom hostname and has the status `active`. ## Workers If you encounter this error with a Worker, you might be using the [Fetch API in a partial zone setup](https://developers.cloudflare.com/workers/platform/known-issues/#fetch-api-in-cname-setup). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1016/","name":"Error 1016"}}]} ``` --- --- title: Error 1018 description: This error indicates that the host could not be found. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1018 ## Error 1018: Could not find host This error indicates that the host could not be found. ### Common causes * The Cloudflare domain was recently activated and there is a delay propagating the domain's settings to the Cloudflare edge network. * The Cloudflare domain was created via a Cloudflare partner (for example, a hosting provider) and the provider's DNS failed. Note Error 1018 is returned via a HTTP `409` response code. ### Resolution Contact [Cloudflare Support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) with the following details: * Your domain name. * A screenshot of the `1018` error including the [**Ray ID**](https://developers.cloudflare.com/fundamentals/reference/cloudflare-ray-id/) mentioned in the error message. * A [HAR file](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/) captured while duplicating the error. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1018/","name":"Error 1018"}}]} ``` --- --- title: Error 1019 description: This error indicates a compute server error related to a Cloudflare Worker. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1019 ## Error 1019: Compute server error This error indicates a compute server error related to a Cloudflare Worker. ### Common cause A Cloudflare Worker script recursively references itself. ### Resolution Ensure your Cloudflare Worker does not access a URL that calls the same Workers script. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1019/","name":"Error 1019"}}]} ``` --- --- title: Error 1020 description: This error indicates that access to the website is denied by a Cloudflare firewall rule. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1020 ## Error 1020: Access denied This error indicates that access to the website is denied by a Cloudflare firewall rule. ### Common cause A client or browser is blocked by a Cloudflare customer's Firewall Rules (deprecated). ### Resolution If you are not the website owner, provide the website owner with a screenshot of the `1020` error message you received. If you are the website owner: * [ New dashboard ](#tab-panel-6660) * [ Old dashboard ](#tab-panel-6661) 1. Retrieve a screenshot of the 1020 error from your customer. 2. Search the [Security Events log](https://developers.cloudflare.com/waf/analytics/security-events/) (available at **Security** \> **Analytics**, in the **Events** tab) for the [Ray ID](https://developers.cloudflare.com/fundamentals/reference/cloudflare-ray-id/) or client IP address from the visitor's 1020 error message. [ Go to **Analytics** ](https://dash.cloudflare.com/?to=/:account/:zone/security/analytics) Note Convert the UTC timestamp of the `1020` error to your local timezone when searching in the Security Events log. 3. Assess the cause of the block and either update the Firewall Rule or allow the visitor's IP address in [IP Access Rules](https://developers.cloudflare.com/waf/tools/ip-access-rules/). 1. Retrieve a screenshot of the 1020 error from your customer. 2. Search the [Security Events log](https://developers.cloudflare.com/waf/analytics/security-events/) (available at **Security** \> **Events**) for the [Ray ID](https://developers.cloudflare.com/fundamentals/reference/cloudflare-ray-id/) or client IP address from the visitor's 1020 error message. Note Convert the UTC timestamp of the `1020` error to your local timezone when searching in the Security Events log. 3. Assess the cause of the block and either update the Firewall Rule or allow the visitor's IP address in [IP Access Rules](https://developers.cloudflare.com/waf/tools/ip-access-rules/). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1020/","name":"Error 1020"}}]} ``` --- --- title: Error 1023 description: This error indicates that the host could not be found due to a configuration issue or propagation delay. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1023 ## Error 1023: Could not find host This error indicates that the host could not be found due to a configuration issue or propagation delay. ### Common causes * If the owner just signed up for Cloudflare it can take a few minutes for the website's information to be distributed to our global network. Something is wrong with the site's configuration. * Usually, this happens when accounts have been signed up with a partner organization (for example, hosting provider) and the provider's DNS fails. Note Error `1023` is returned via a HTTP `503` response code. ### Resolution Contact [Cloudflare Support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) with the following details: * Your domain name. * A screenshot of the `1023` error including the [**Ray ID**](https://developers.cloudflare.com/fundamentals/reference/cloudflare-ray-id/) mentioned in the error message. * A [HAR file](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/) captured while duplicating the error. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1023/","name":"Error 1023"}}]} ``` --- --- title: Error 1025 description: This error indicates that the domain has reached its plan limits for Cloudflare Workers. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1025 ## Error 1025: Please check back later This error indicates that the domain has reached its plan limits for Cloudflare Workers. ### Common cause A request is not serviced because the domain has reached [plan limits for Cloudflare Workers](https://developers.cloudflare.com/workers/platform/limits). ### Resolution: Purchase the Unlimited Workers plan via the [Plans page ↗](https://dash.cloudflare.com/redirect?account=workers/plans) on the Workers dashboard. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1025/","name":"Error 1025"}}]} ``` --- --- title: Error 1033 description: This error indicates an issue with Cloudflare Tunnel. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1033 ## Error 1033: Cloudflare Tunnel error This error indicates an issue with [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/). ### Common cause You have requested a page on a website (`tunnel.example.com`) that is on the Cloudflare network. The host (`tunnel.example.com`) is configured with Cloudflare Tunnel, and Cloudflare is currently unable to resolve it. ### Resolution A `1033` error indicates your tunnel is not connected to Cloudflare's network because Cloudflare's network cannot find a healthy `cloudflared` instance to receive the traffic. First, review whether your tunnel is listed as `Active` on the [Cloudflare One ↗](https://one.dash.cloudflare.com/) dashboard by going to **Networks** \> **Connectors** \> **Cloudflare Tunnels** or run `cloudflared tunnel list`. If the tunnel is not `Active`, review the following and take the action necessary for your tunnel status: | Status | Meaning | Recommended Action | | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Healthy** | The tunnel is active and serving traffic through four connections to the Cloudflare global network. | No action is required. Your tunnel is running correctly. | | **Inactive** | The tunnel has been created (via the API or dashboard) but the cloudflared connector has never been run to establish a connection. | Run the tunnel as a service (recommended) or use the cloudflared tunnel run command on your origin server to connect the tunnel to Cloudflare. Refer to [substep 6 of step 1 in the Create a Tunnel dashboard guide](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/create-remote-tunnel/#1-create-a-tunnel) or step 4 in the [Create a Tunnel API guide](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/create-remote-tunnel-api/#4-install-and-run-the-tunnel). | | **Down** | The tunnel was previously connected but is currently disconnected because the cloudflared process has stopped. | 1\. Ensure the cloudflared [service](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/as-a-service/) or process is actively running on your server. 2\. Check for server-side issues, such as the machine being powered off, an application crash, or recent network changes. | | **Degraded** | The cloudflared connector is running and the tunnel is serving traffic, but at least one individual connection has failed. Further degradation in [tunnel availability](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/) could risk the tunnel going down and failing to serve traffic. | 1\. Review your cloudflared [logs](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/monitor-tunnels/logs/) for connection failures or error messages. 2\. Investigate local network and firewall rules to ensure they are not blocking connections to the [Cloudflare Tunnel IPs and ports](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-with-firewall/). | ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1033/","name":"Error 1033"}}]} ``` --- --- title: Error 1034 description: This error indicates that the IP address used for the domain is restricted by Cloudflare's edge validation. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1034 ## Error 1034: Edge IP Restricted This error indicates that the IP address used for the domain is restricted by Cloudflare's edge validation. ### Common cause Customers who previously pointed their domains to `1.1.1.1` will now encounter `1034` error. This is due to a new edge validation check in Cloudflare's systems to prevent misconfiguration and/or potential abuse. ### Resolution Ensure DNS records are pointed to IP addresses you control, and in the case a placeholder IP address is needed for “originless” setups, use the IPv6 reserved address `100::` or the IPv4 reserved address `192.0.2.0`. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1034/","name":"Error 1034"}}]} ``` --- --- title: Error 1035 description: This error indicates an invalid URI path in a request rewrite. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1035 ## Error 1035: Invalid request rewrite (invalid URI path) This error indicates an invalid URI path in a request rewrite. ### Common cause The value or expression of your rewritten URI path is not valid. This error also occurs when the destination of the URL rewrite is a path under `/cdn-cgi/`. ### Resolution Make sure that the rewritten URI path is not empty and it starts with a `/` (slash) character. For example, the following URI path rewrite expression is not valid: `concat(lower(ip.src.country), http.request.uri.path)` To fix the expression above, add a `/` prefix: `concat("/", lower(ip.src.country), http.request.uri.path)` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1035/","name":"Error 1035"}}]} ``` --- --- title: Error 1036 description: This error indicates that the rewritten URI path or query string exceeds the maximum allowed length. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1036 ## Error 1036: Invalid request rewrite (maximum length exceeded) This error indicates that the rewritten URI path or query string exceeds the maximum allowed length. ### Common cause The value or expression of your rewritten URI path or query string is too long. ### Resolution Use a shorter value or expression for the new URI path/query string value. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1036/","name":"Error 1036"}}]} ``` --- --- title: Error 1037 description: This error indicates that the rewrite rule expression could not be evaluated. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1037 ## Error 1037: Invalid rewrite rule (failed to evaluate expression) This error indicates that the rewrite rule expression could not be evaluated. ### Common cause There are several causes for this error, but it can mean that one expression element contained an undefined value when it was evaluated. For example, you get a 1037 error when using the following URL rewrite dynamic expression and the `X-Source` header is not included in the request: `http.request.headers["x-source"][0]` ### Resolution Make sure that all the elements of your rewrite expression are defined. For example, if you are referring to a header value, ensure the header is set. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1037/","name":"Error 1037"}}]} ``` --- --- title: Error 1040 description: This error indicates that an attempt was made to modify a restricted HTTP header. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1040 ## Error 1040: Invalid request rewrite (header modification not allowed) This error indicates that an attempt was made to modify a restricted HTTP header. ### Common cause You are trying to modify an HTTP header that Request Header Transform Rules cannot change. ### Resolution Make sure you are not trying to modify one of the [reserved HTTP request headers](https://developers.cloudflare.com/rules/transform/request-header-modification/#important-remarks). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1040/","name":"Error 1040"}}]} ``` --- --- title: Error 1041 description: This error indicates that the header value is not valid. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1041 ## Error 1041: Invalid request rewrite (invalid header value) This error indicates that the header value is not valid. ### Common causes The added/modified header value is too long or it contains characters that are not allowed. ### Resolution * Use a shorter value or expression to define the header value. * Remove the characters that are not allowed. Refet to [Format of HTTP request header names and values](https://developers.cloudflare.com/rules/transform/request-header-modification/reference/header-format/) in Developer Docs for more information on the allowed characters. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1041/","name":"Error 1041"}}]} ``` --- --- title: Error 1101 description: This error indicates a rendering issue. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1101 ## Error 1101: Rendering error This error indicates a rendering issue. ### Common cause This error typically occurs when a Cloudflare Worker encounters a runtime JavaScript exception. ### Debugging To identify the specific JavaScript exception: 1. Check your Workers logs in the Cloudflare dashboard under **Workers & Pages** \> **Your Worker** \> **Logs**. 2. Review the Workers code for potential runtime errors such as: * Undefined variables or functions * Type errors * Promise rejections * Network request failures 3. Test the [Worker locally](https://developers.cloudflare.com/workers/development-testing/#local-development) with sample requests to reproduce the error. 4. Refer to [Workers error handling](https://developers.cloudflare.com/workers/observability/errors/) for more details on debugging Workers. ### Resolution Fix the JavaScript exception in your Workers code. If you need assistance, [provide appropriate issue details](https://developers.cloudflare.com/support/contacting-cloudflare-support/) to Cloudflare Support, including: * The Ray ID from the error page * The Worker name * Recent changes to the Worker code * Steps to reproduce the error ### Related errors * [Error 1102](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1102/) \- Workers CPU time limit exceeded * [Error 500](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-500/) \- Internal server error (can be caused by Workers exceptions) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1101/","name":"Error 1101"}}]} ``` --- --- title: Error 1102 description: This error indicates that a Cloudflare Worker has exceeded its CPU time limit or memory limit. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1102 ## Error 1102: Worker exceeded resource limits This error indicates that a Cloudflare Worker has exceeded its CPU time limit or memory limit. ### Exceeded CPU time A Cloudflare Worker exceeds a [CPU time limit](https://developers.cloudflare.com/workers/platform/limits/#cpu-time). CPU time is the time spent executing code (for example, loops, parsing JSON, etc). Time spent on network requests (fetching, responding) does not count towards CPU time. #### Debugging To identify CPU-intensive code: 1. Use [CPU profiling with DevTools](https://developers.cloudflare.com/workers/observability/dev-tools/cpu-usage/) locally to identify expensive operations. 2. Review [Workers Logs](https://developers.cloudflare.com/workers/observability/logs/workers-logs/) \- CPU time is surfaced in the invocation log. This can help find if specific routes or requests are consuming high CPU time. #### Resolution Contact the developer of your Workers code to optimize code for a reduction in CPU usage. Common optimization strategies include: * Reducing the number of iterations in loops * Optimizing JSON parsing operations * Caching computed values * Breaking up large operations into smaller chunks You can also [increase the CPU time limit](https://developers.cloudflare.com/workers/platform/limits/#cpu-time) on the Workers Paid plan up to 5 minutes for CPU-bound tasks. ### Exceeded memory A Cloudflare Worker exceeds the [128 MB memory limit](https://developers.cloudflare.com/workers/platform/limits/#memory). This is a per-isolate limit, an isolate may be handling multiple requests concurrently. #### Debugging To identify memory issues: 1. Use [memory profiling with DevTools](https://developers.cloudflare.com/workers/observability/dev-tools/memory-usage/) locally to take memory snapshots and identify leaks. 2. Look for patterns like buffering a body which could be large (request or response), large objects stored in global scope or accumulating data in arrays. #### Resolution To avoid exceeding memory limits: * Avoid buffering large objects or responses in memory * Use streaming APIs such as [TransformStream](https://developers.cloudflare.com/workers/runtime-apis/streams/transformstream/) or [node:stream](https://developers.cloudflare.com/workers/runtime-apis/nodejs/streams/) to process data without buffering * Avoid storing large objects in global scope * Be cautious with operations that accumulate data (e.g., appending to strings or arrays repeatedly) ### Related errors * [Error 1101](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1101/) \- Workers JavaScript runtime exception * [Error 503](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-503/) \- Service temporarily unavailable (can be caused by Workers CPU or memory limits) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1102/","name":"Error 1102"}}]} ``` --- --- title: Error 1104 description: This error indicates that the email address you are trying to add is already taken in the system. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1104 ## Error 1104: A variation of this email address is already taken in our system. Only one variation is allowed. This error indicates that the email address you are trying to add is already taken in the system. ### Common cause This error can occur if an email has been added with some variation of the email you're trying to add. For example, `my+user@example.com` and `my.user@example.com` will be treated the same in our system. ### Resolution Log in as the old user and change email to a "throwaway" address, which will free up the new email. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1104/","name":"Error 1104"}}]} ``` --- --- title: Error 1200 description: This error indicates that the number of requests queued on Cloudflare's edge exceeds the limit. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 1200 ## Error 1200: Cache connection limit This error indicates that the number of requests queued on Cloudflare's edge exceeds the limit. ### Common cause There are too many requests queued on Cloudflare's edge that are awaiting process by your origin web server. This limit protects Cloudflare's systems. ### Resolution Tune your origin webserver to accept incoming connections faster. Adjust your caching settings to improve cache-hit rates so that fewer requests reach your origin web server. Reach out to your hosting provider or web administrator for assistance. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/","name":"Cloudflare 1xxx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1200/","name":"Error 1200"}}]} ``` --- --- title: Cloudflare 5xx errors description: When troubleshooting most 5XX errors, the correct course of action is to first contact your hosting provider or site administrator to troubleshoot and gather data. The following sections outline: image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Cloudflare 5xx errors When troubleshooting most `5XX` errors, the correct course of action is to first contact your hosting provider or site administrator to troubleshoot and gather data. The following sections outline: * The [information](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/#required-error-details-for-hosting-provider) to provide your hosting provider to help resolve the errors * The steps to access [error analytics](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/#error-analytics) in the Cloudflare dashboard. Note Cloudflare Support only assists the domain owner to resolve issues. If you are a site visitor, report the problem to the site owner. ### Required error details for hosting provider When contacting your hosting provider, share the following information: * The specific `5XX` error code and message. * The time and timezone when the `5XX` error occurred. * The URL that resulted in the HTTP `5XX` error (for example, `https://www.example.com/images/icons/image1.png`). The cause of the error is not always found in the origin server's error logs. Be sure to check the logs of any load balancers, caches, proxies, or firewalls between Cloudflare and the origin web server. Additional details to provide to your hosting provider or site administrator can be found in the error descriptions below. Note that Cloudflare [Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) can alter the appearance of default error pages discussed in this page. ### Error analytics Error analytics per domain are available within [Zone Analytics](https://developers.cloudflare.com/analytics/account-and-zone-analytics/zone-analytics/). Error analytics provides insights into overall errors by HTTP error code and offers details such as the URLs, source IP addresses, and Cloudflare data centers needed to diagnose and resolve issues. Error Analytics are based on a 1% traffic sample. To view Error Analytics: 1. In the Cloudflare dashboard, go to the **HTTP Traffic** page. [ Go to **HTTP Traffic** ](https://dash.cloudflare.com/?to=/:account/:zone/analytics/traffic) 2. Select **Add filter**, select **Edge status code** or **Origin status code** and choose any `5xx` error code that you want to diagnose. ### Log Explorer [Log Explorer](https://developers.cloudflare.com/log-explorer/) provides access to Cloudflare logs with all the context available within the Cloudflare platform. You can monitor security and performance issues with custom dashboards or investigate and troubleshoot issues with log search. Log explorer [allows to build queries](https://developers.cloudflare.com/log-explorer/log-search/) filtering for specific Ray ID, which can be useful to investigate HTTP Errors. --- ## Error 500: internal server error For a complete description of this error refer to the [Error 500](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-500/) page. ## Error 501: not implemented For a complete description of this error refer to the [Error 501](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-501/) page. ## Error 502 bad gateway or error 504 gateway timeout For a complete description of this error refer to the [Error 502/504](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-502-504/) page. ## Error 503: service temporarily unavailable For a complete description of this error refer to the [Error 503](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-503/) page. ## Error 520: web server returns an unknown error For a complete description of this error refer to the [Error 520](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-520/) page. ## Error 521: web server is down For a complete description of this error refer to the [Error 521](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-521/) page. ## Error 522: connection timed out For a complete description of this error refer to the [Error 522](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-522/) page. ## Error 523: origin is unreachable For a complete description of this error refer to the [Error 523](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-523/) page. ## Error 524: a timeout occurred For a complete description of this error refer to the [Error 524](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-524/) page. ## Error 525: SSL handshake failed For a complete description of this error refer to the [Error 525](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-525/) page. ## Error 526: invalid SSL certificate For a complete description of this error refer to the [Error 526](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-526/) page. ## Error 530 For a complete description of this error refer to the [Error 530](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-530/) page. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}}]} ``` --- --- title: Error 500 description: This error indicates a problem with your origin web server, preventing it from fulfilling the request. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 500 ## Error 500: internal server error This error indicates a problem with your origin web server, preventing it from fulfilling the request. ### Common causes The `Error establishing database connection message` is a common HTTP `500` error, typically indicating an origin web server issue. If you encounter this error, contact your hosting provider for assistance. ### Resolution When dealing with most `5XX` errors, the first step is to reach out to your hosting provider or site administrator to help troubleshoot the issue. Share the necessary [error details](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/#required-error-details-for-hosting-provider) to your hosting provider to assist troubleshooting the issue. However, if the `500` error contains `cloudflare` or `cloudflare-nginx` in the HTML response body, contact [Cloudflare support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) and provide the following details: * Your domain name * The time and timezone of the `500` error occurrence * The output of `www.example.com/cdn-cgi/trace` from the browser where the `500` error was observed (replace `www.example.com` with your actual domain and hostname) Note If you observe blank or white pages when visiting your website, confirm whether the issue occurs when [temporarily pausing Cloudflare](https://developers.cloudflare.com/fundamentals/manage-domains/pause-cloudflare/) and contact your hosting provider for assistance. ### Workers-specific causes Error 500 can also occur when using Cloudflare Workers: * A Cloudflare Worker throws a runtime JavaScript exception (see [Error 1101](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1101/)) If you are using Workers, check the Workers dashboard for error logs and exceptions. ### Troubleshooting steps 1. **Check recent configuration changes**: Review any recent changes to Page Rules, Transform Rules, or Workers that might affect request processing. 2. **Verify origin connectivity**: Ensure your origin server is responding correctly and within acceptable timeframes. 3. **Review Workers logs**: If using Workers, check for JavaScript exceptions or CPU time limit errors in the Workers dashboard. 4. **Test with Cloudflare paused**: Temporarily pause Cloudflare to determine if the issue is origin-related. ### Known Cloudflare issue leading to HTTP Error 500 * A configuration issue on Page Rules can generate HTTP Error `500`. Refer to [Page Rules troubleshooting](https://developers.cloudflare.com/rules/page-rules/troubleshooting/general/#error-500-internal-server-error) for more details and resolution. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-500/","name":"Error 500"}}]} ``` --- --- title: Error 501 description: Cloudflare Workers returns a 501 error when a request uses an HTTP method that is not supported by the Workers Runtime. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 501 ## Error 501: not implemented Cloudflare Workers returns a `501` error when a request uses an HTTP method that is not supported by the Workers Runtime. ### Common causes * A client sent a request to a Workers script using a custom or non-standard HTTP method (methods outside of `GET`, `POST`, `PUT`, etc.). * A typo in the HTTP method (for example, `POT` instead of `POST`). ### Resolution * Update the client to use a valid, standard [HTTP request method ↗](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-501/","name":"Error 501"}}]} ``` --- --- title: Error 502 or 504 description: An HTTP 502 or 504 error indicates that Cloudflare is unable to establish contact with your origin web server. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 502 or 504 ## Error 502 bad gateway or error 504 gateway timeout An HTTP `502` or `504` error indicates that Cloudflare is unable to establish contact with your origin web server. ### Common causes There are two possible causes: * [502/504 errors from your origin web server](#502504-from-your-origin-web-server) (most common). * [502/504 errors from Cloudflare](#502504-from-cloudflare). You may also see `504` status codes in logs or analytics caused by [cache MISS responses from Early Hints](https://developers.cloudflare.com/cache/advanced-configuration/early-hints/#emit-early-hints), or by Cloudflare Workers Cache API [cache.match operations resulting in cache MISS ↗](https://developers.cloudflare.com/workers/runtime-apis/cache/#errors-1). ### Resolution To resolve `502/504` errors, it is essential to identify whether the issue originates from your origin web server or Cloudflare. In the following sections, you can find more details for troubleshooting and resolving errors from both sources. #### 502/504 from your origin web server Cloudflare returns a Cloudflare-branded HTTP `502` or `504` error when your origin web server responds with a standard HTTP `502 bad gateway` or `504 gateway timeout` error: ![Example of a Cloudflare-branded error 502.](https://developers.cloudflare.com/_astro/image1.bhOtPL9__Z11fWXs.webp) Contact your hosting provider to troubleshoot these common causes at your origin web server: * Ensure the origin server responds to requests for the hostname and domain within the visitor's URL that generated the `502` or `504` error. * Investigate excessive server loads, crashes, or network failures. * Identify applications or services that timed out or were blocked. #### 502/504 from Cloudflare A `502` or a `504` error originating from Cloudflare appears as follows, a blank page without the Cloudflare branding: ![Example of an unbranded error 502.](https://developers.cloudflare.com/_astro/image5.DQ6zBJUs_21yXXb.webp) If the error does not mention `cloudflare`, contact your hosting provider for assistance. Refer to [502/504 errors from your origin](#502504-from-your-origin-web-server) for more information. This error can occur due to a compression issue at the origin, such as when the origin server serves gzip-encoded compressed content but fails to update the `content-length` header, or if the origin is serving broken gzip compressed content. To diagnose this, you can try disabling compression at your origin to confirm if it resolves the error. Additionally, in some cases, a particular data center may experience a sudden increase in traffic. To ensure minimal impact for customers, our automated processes will redirect traffic to another data center. These adjustments typically happen seamlessly and take just a few seconds. However, during this process, some clients may experience temporary latency or HTTP `502` errors. You can find more information about our automated traffic management tools in this [blogpost ↗](https://blog.cloudflare.com/meet-traffic-manager). If you need further assistance from our Support team, provide the following details to [Cloudflare Support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) to avoid delays in processing your inquiry: * The timestamp along with the timezone in which the issue occurred. * The URL that resulted in the HTTP `502` or `504` response (for example, `https://www.example.com/images/icons/image1.png`). * The output from browsing to `/cdn-cgi/trace`. ### Known Cloudflare issues leading to HTTP Error 502 or 504 * Using [Gateway](https://developers.cloudflare.com/cloudflare-one/traffic-policies/) can lead to an HTTP Error `502` if the origin only partially supports HTTP/2\. Refer to [Troubleshooting](https://developers.cloudflare.com/cloudflare-one/traffic-policies/troubleshooting/#error-502-bad-gateway) for more details and resolution. * You might see a `502 Bad Gateway` error when connecting to an HTTP or HTTPS application through [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/), with `Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared`. It means the tunnel itself is connected to the Cloudflare network, but `cloudflared` cannot reach the origin service defined in your ingress rule. Refer to the [tunnel common errors page](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/troubleshoot-tunnels/common-errors/#i-see-a-502-bad-gateway-error-when-connecting-to-an-http-or-https-application-through-tunnel) for more details and resolution. * You may see an influx of HTTP Error `504` with the `RequestSource` of `earlyHintsCache` in Cloudflare Logs when Early Hints is enabled, which is expected and benign. Refer to [the Early Hints article](https://developers.cloudflare.com/cache/advanced-configuration/early-hints/#emit-early-hints) for more details and resolution. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-502-504/","name":"Error 502 or 504"}}]} ``` --- --- title: Error 503 description: HTTP error 503 occurs when your origin web server is overloaded. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 503 ## Error 503: service temporarily unavailable HTTP error 503 occurs when your origin web server is overloaded. ### Common causes There are different causes identifiable by the error message or the location of the error: * Error does not contain `cloudflare` or `cloudflare-nginx` in the HTML response body. In this case, the issue is likely from your origin server. * Error contains `cloudflare` or `cloudflare-nginx` in the HTML response body. In this case, the issue may stem from Cloudflare. * Error is only visible in logs or analytics. ### Resolution To resolve a `503` error, first determine whether the issue originates from your origin web server or Cloudflare. The following sections provide guidance on troubleshooting both scenarios. #### 503 Error without `cloudflare` or `cloudflare-nginx` If the error does not contain `cloudflare` or `cloudflare-nginx` in the HTML response body, contact your hosting provider to verify if they rate limit requests to your origin web server. #### 503 Error with `cloudflare` or `cloudflare-nginx` If the error contains `cloudflare` or `cloudflare-nginx` in the HTML response body, a connectivity issue occurred in a Cloudflare data center. Provide [Cloudflare support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) with the following information: * Your domain name * The time and timezone of the `503` error occurrence * The output of `www.example.com/cdn-cgi/trace` from the browser where the `503` error was observed (replace `www.example.com` with your actual domain and hostname) #### 503 Error only visible in logs and analytics These errors result from [unsuccessful prefetches from Speed Brain](https://developers.cloudflare.com/speed/optimization/content/speed-brain/#how-speed-brain-works) and can be discarded. These errors are not visible to visitors of your website. [Speed Brain](https://developers.cloudflare.com/speed/optimization/content/speed-brain/#enable-and-disable-speed-brain) can be disabled for the zone if needed (this feature cannot be disabled for a specific path). ### Workers-specific causes Error 503 can also occur when using Cloudflare Workers: * A Worker exceeds CPU time limits (see [Error 1102](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1102/)) * Worker code encounters memory limit issues (see [Error 1102](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1102/)) If you are using Workers, check the Workers dashboard for error logs and resource limit issues. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-503/","name":"Error 503"}}]} ``` --- --- title: Error 520 description: This error occurs when the origin server returns an empty, unknown, or unexpected response to Cloudflare. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 520 ## Error 520: web server returns an unknown error This error occurs when the origin server returns an empty, unknown, or unexpected response to Cloudflare. ### Common causes This error is often triggered by: * Origin server crashes or misconfigurations. * Firewalls or security plugins blocking [Cloudflare IPs ↗](https://www.cloudflare.com/ips) at your origin. * Headers exceeding 128 KB (often due to excessive cookies). * Empty or malformed responses lacking an HTTP status code or response body. * Missing response headers or origin web server not returning [proper HTTP error responses ↗](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). * Incorrect HTTP/2 configuration at the origin server. * Authentication Origin Pull enabled on Cloudflare but the origin is [not configured as expected](https://developers.cloudflare.com/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level/#2-configure-origin-to-accept-client-certificates). Note `520` errors are prevalent with certain PHP applications that crash the origin web server. ### Resolution Note As a temporary workaround, you can set the affected DNS record to [DNS-only](https://developers.cloudflare.com/dns/proxy-status/) in the Cloudflare **DNS** app or [temporarily pause Cloudflare](https://developers.cloudflare.com/fundamentals/manage-domains/pause-cloudflare/). * Contact your hosting provider or site administrator and share the necessary [error details](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/#required-error-details-for-hosting-provider) to assist with troubleshooting. Request a review of your origin web server error logs for crashes and check for [common causes](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-520/#common-causes) mentioned in the previous section. * If HTTP/2 is enabled at your origin server, ensure it is correctly set up. Cloudflare connects to servers who announce support of HTTP/2 connections via [ALPN ↗](https://blog.cloudflare.com/introducing-http2). If the origin web server accepts the HTTP/2 connection but then does not respect or support the protocol, an HTTP `520` error will be returned. You can disable the [HTTP/2 to Origin](https://developers.cloudflare.com/speed/optimization/protocol/http2-to-origin/#disable-http2-to-origin) in **Speed** \> **Settings** \> **Protocol Optimization** on the Cloudflare dashboard. * If `520` errors continue after contacting your hosting provider or site administrator, provide the following information to [Cloudflare Support](https://developers.cloudflare.com/support/contacting-cloudflare-support/): * Full URL(s) of the resource requested when the error occurred. * Cloudflare [**cf-ray**](https://developers.cloudflare.com/fundamentals/reference/cloudflare-ray-id/) from the `520` error message. * Output from `http:///cdn-cgi/trace`. * Two [HAR files](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#generate-a-har-file): * One with Cloudflare enabled on your website. * Another with [Cloudflare temporarily disabled](https://developers.cloudflare.com/fundamentals/manage-domains/pause-cloudflare/). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-520/","name":"Error 520"}}]} ``` --- --- title: Error 521 description: Error 521 occurs when the origin web server refuses connections from Cloudflare. Security solutions at your origin may block legitimate connections from certain Cloudflare IP addresses. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 521 ## Error 521: web server is down Error `521` occurs when the origin web server refuses connections from Cloudflare. Security solutions at your origin may block legitimate connections from certain [Cloudflare IP addresses ↗](https://www.cloudflare.com/ips). ### Common causes The two most common causes of `521` errors are: * Offlined origin web server application. * Blocked Cloudflare requests. ### Resolution Contact your hosting provider or site administrator and share the necessary [error details](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/#required-error-details-for-hosting-provider) to assist in troubleshooting these common causes: * Ensure your origin web server is responsive. * Review origin web server error logs to identify web server application crashes or outages. * Confirm [Cloudflare IP addresses ↗](https://www.cloudflare.com/ips) are not blocked or rate limited. * Allow all [Cloudflare IP ranges ↗](https://www.cloudflare.com/ips) in your origin web server's firewall or other security software. * Confirm that — if you have your **SSL/TLS mode** set to **Full** or **Full (Strict**) — your origin supports HTTPS and/or you have installed a [Cloudflare Origin Certificate](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca) or a certificate matching the [requirements for these modes](https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/#custom-ssltls). * Ensure that your origin web server application is actively bound and listening on the port required by your SSL/TLS mode: Port 80 for **Flexible**, or Port 443 for **Full** and **Full (Strict)**. * Find additional troubleshooting information on the [Cloudflare Community ↗](https://community.cloudflare.com/t/community-tip-fixing-error-521-web-server-is-down/42461). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-521/","name":"Error 521"}}]} ``` --- --- title: Error 522 description: Error 522 occurs when Cloudflare times out contacting the origin web server. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 522 ## Error 522: connection timed out Error `522` occurs when Cloudflare times out contacting the origin web server. ### Common causes Two different timeouts cause HTTP error `522` depending on when they occur between Cloudflare and the origin web server: * Before a connection is established, the origin web server does not return a SYN+ACK to Cloudflare within 19 seconds of Cloudflare sending a SYN (the SYN retry backoff scheme is 1,1,1,1,1,2,4,8). * After a connection is established, the origin web server does not acknowledge (ACK) Cloudflare's resource request within 90 seconds. ### Resolution * Contact your hosting provider and share the necessary [error details](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/#required-error-details-for-hosting-provider) to assist in troubleshooting these common causes: * [Cloudflare IP addresses ↗](https://www.cloudflare.com/ips/) are rate limited or blocked in .htaccess, iptables, or firewalls. Confirm your hosting provider allows **all Cloudflare IP ranges** (most common cause). You can use a [Cloudflare WAF Custom Rule](https://developers.cloudflare.com/waf/custom-rules/use-cases/block-by-geographical-location/) if you need to restrict traffic from geographical locations. * An overloaded or offline origin web server drops incoming requests. * [Keepalives ↗](http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/overview.html) are disabled at the origin web server. * The origin IP address in your Cloudflare **DNS** app does not match the IP address currently provisioned to your origin web server by your hosting provider. * Packets were dropped at your origin web server. * If you are using [Cloudflare Pages](https://developers.cloudflare.com/pages/), verify that you have a custom domain set up and that your CNAME record is pointed to your [custom Pages domain](https://developers.cloudflare.com/pages/configuration/custom-domains/#add-a-custom-domain). * If you are using [Workers with a Custom Domain](https://developers.cloudflare.com/workers/configuration/routing/custom-domains/), performing a `fetch` to its own hostname will cause a `522` error. Consider using a [Route](https://developers.cloudflare.com/workers/configuration/routing/), targeting another hostname, or enabling the [global\_fetch\_strictly\_public compatibility flag](https://developers.cloudflare.com/workers/configuration/compatibility-flags/#global-fetch-strictly-public) instead. * If you are using [Origin Rules](https://developers.cloudflare.com/rules/origin-rules/), make sure the resulting hostname can be resolved. For example, if your Origin Rule point to a Worker route, a `522` error will be returned if the hostname for this route is an A record pointing to a reserved address such as `100::` or `192.0.2.0`. * If none of the above leads to a resolution, request the following information from your hosting provider or site administrator before [contacting Cloudflare support](https://developers.cloudflare.com/support/contacting-cloudflare-support/): * An [MTR or traceroute](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#perform-a-traceroute) from your origin web server to a [Cloudflare IP address ↗](http://www.cloudflare.com/ips) that most commonly connected to your origin web server before the issue occurred. Identify a connecting Cloudflare IP recorded in the origin web server logs. * Details from the hosting provider's investigation, such as pertinent logs or conversations with the hosting provider. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-522/","name":"Error 522"}}]} ``` --- --- title: Error 523 description: This error occurs when Cloudflare cannot contact your origin web server. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 523 ## Error 523: origin is unreachable This error occurs when Cloudflare cannot contact your origin web server. ### Common causes This typically occurs when a network device between Cloudflare and the origin web server does not have a route to the origin's IP address. ### Resolution Contact your hosting provider and share the necessary [error details](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/#required-error-details-for-hosting-provider) to exclude the following common causes at your origin web server: * Confirm the correct origin IP address is listed for A or AAAA records within your Cloudflare DNS app. * Troubleshoot Internet routing issues between your origin and Cloudflare, or with the origin itself. If none of the above leads to a resolution, request the following information from your hosting provider or site administrator: * An [MTR or traceroute](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#perform-a-traceroute) from your origin web server to a [Cloudflare IP address ↗](http://www.cloudflare.com/ips) that most commonly connected to your origin web server before the issue occurred. Identify a connecting Cloudflare IP from the logs of the origin web server. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-523/","name":"Error 523"}}]} ``` --- --- title: Error 524 description: Error 524 indicates that Cloudflare successfully connected to the origin web server, but the origin did not provide an HTTP response before the default 120 seconds Proxy Read Timeout. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 524 ## Error 524: a timeout occurred Error `524` indicates that Cloudflare successfully connected to the origin web server, but the origin did not provide an HTTP response before the default 120 seconds [Proxy Read Timeout](https://developers.cloudflare.com/fundamentals/reference/connection-limits/). ### Common causes This can happen if the origin server is taking too long because it has too much work to do, for example, a large data query, or because the server is struggling for resources and cannot return any data in time. The error `524` occurs if the origin web server acknowledges (ACK) the resource request after the connection has been established, but does not send a timely response (within the [Proxy Read Timeout](https://developers.cloudflare.com/fundamentals/reference/connection-limits/) delay, 120 seconds by default). Error `524` can also indicate that Cloudflare successfully connected to the origin web server to write data, but the write did not complete before the 30 seconds [Proxy Write Timeout](https://developers.cloudflare.com/fundamentals/reference/connection-limits/) (or 6.5 seconds in the case of [Cloudflare Images](https://developers.cloudflare.com/images/)). This timeout cannot be adjusted. ### Resolution at your origin Here are the options we suggest to work around this issue: * [Contact your hosting provider](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/#required-error-details-for-hosting-provider) to exclude the following common causes at your origin web server: * A long-running process on the origin web server. * An overloaded origin web server. * Implement status polling of large HTTP processes to avoid hitting this error. Note Logging request response time at your origin web server may help identify the cause of resource slowness. Contact your hosting provider or site administrator for assistance in adjusting log formats or search for related logging documentation for your brand of web server such as [Apache ↗](http://httpd.apache.org/docs/current/mod/mod%5Flog%5Fconfig.html) or [Nginx ↗](http://nginx.org/en/docs/http/ngx%5Fhttp%5Flog%5Fmodule.html#log%5Fformat). ### Resolution on Cloudflare Here are some other actions you can take on the Cloudflare side: * If you regularly run HTTP requests that take over 120 seconds to complete (for example, large data exports), move those processes behind a [subdomain not proxied (DNS-only, grey clouded)](https://developers.cloudflare.com/dns/proxy-status/#dns-only-records) in the Cloudflare **DNS** app. * Enterprise customers can increase the `524` timeout up to 6,000 seconds: * If your content can be cached, you can create a [Cache Rule](https://developers.cloudflare.com/cache/how-to/cache-rules/settings/#proxy-read-timeout-enterprise-only) with the `Proxy Read Timeout` setting. The content needs to be cacheable for the rule to be triggered, but does not need to be cached. * You can increase the `proxy_read_timeout` setting for the whole zone using the [Edit zone setting API endpoint](https://developers.cloudflare.com/api/resources/zones/subresources/settings/methods/edit/). Note Note that you may observe a 1 second difference between the timeout you have set and the actual time at which the Error `524` is returned. This is expected, it is due to the current work on implementing our proxy - [Pingora ↗](https://blog.cloudflare.com/how-we-built-pingora-the-proxy-that-connects-cloudflare-to-the-internet/). As a workaround, you can simply set the timeout to one second more (121 seconds instead of 120 seconds, for example). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-524/","name":"Error 524"}}]} ``` --- --- title: Error 525 description: This error indicates that the SSL handshake between Cloudflare and the origin web server failed. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 525 ## Error 525: SSL handshake failed This error indicates that the SSL handshake between Cloudflare and the origin web server failed. ### Common causes Error `525` occurs when these two conditions are true: * The [SSL handshake ↗](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/) fails between Cloudflare and the origin web server. * [_Full_ or _Full (Strict)_](https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes) **SSL** is set in the **Overview** tab of your Cloudflare **SSL/TLS** app. Note If your hosting provider frequently changes your origin web server's IP address, refer to Cloudflare's documentation on [dynamic DNS updates](https://developers.cloudflare.com/dns/manage-dns-records/how-to/managing-dynamic-ip-addresses). ### Resolution Contact your hosting provider to exclude the following common causes at your origin web server: * No valid SSL certificate is installed. * Port `443` (or another custom secure port) is not open. * No SNI support. * The [cipher suites](https://developers.cloudflare.com/ssl/origin-configuration/cipher-suites/) used by Cloudflare do not match the cipher suites supported by the origin web server. Note If `525` errors occur intermittently, review the origin web server error logs to determine the cause. Configure Apache to [log mod\_ssl errors ↗](https://cwiki.apache.org/confluence/display/HTTPD/DebuggingSSLProblems#Enable%5FSSL%5Flogging). Also, nginx includes SSL errors in its standard error log, but may possibly require [an increased log level ↗](https://docs.nginx.com/nginx/admin-guide/monitoring/logging/). * Verify that a certificate is installed on your origin server. For details on running tests, refer to [Troubleshoot requests with curl](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#troubleshoot-requests-with-curl). If no certificate is installed, you can generate and install a free [Cloudflare origin CA certificate](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca) to encrypt traffic between Cloudflare and your origin web server. * [Review the cipher suites](https://developers.cloudflare.com/ssl/edge-certificates/additional-options/cipher-suites/) used by your server to ensure they are compatible with Cloudflare. * Check your server's error logs from the timestamps when `525` errors occur to identify any issues causing the connection to be reset during the SSL handshake. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-525/","name":"Error 525"}}]} ``` --- --- title: Error 526 description: This error indicates that Cloudflare is unable to verify the SSL certificate on your origin server, preventing a secure connection from being established. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 526 ## Error 526: invalid SSL certificate This error indicates that Cloudflare is unable to verify the SSL certificate on your origin server, preventing a secure connection from being established. ### Common causes This error occurs when these two conditions are true: * Cloudflare cannot validate the SSL certificate at your origin web server. * [_Full SSL (Strict)_](https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/full-strict/) **SSL** is set in the **Overview** tab of your Cloudflare **SSL/TLS** app. #### Resolution Here are some options to fix or workaround this issue: * For a potential quick fix, set **SSL** to _Full_ instead of _Full (strict)_ in the **Overview** tab of your Cloudflare **SSL/TLS** app for the domain. * Add your self-signed SSL certificate to the [Custom Origin Trust Store](https://developers.cloudflare.com/ssl/origin-configuration/custom-origin-trust-store/). This allows the Cloudflare edge to recognize your self-signed SSL certificate as valid. * Use a [Cloudflare Origin CA certificate](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/) at your origin. * Request your server administrator or hosting provider to review the origin web server's SSL certificates and verify that: * Certificate is not expired. * Certificate is not revoked. * Certificate is signed by a [Certificate Authority ↗](https://en.wikipedia.org/wiki/Certificate%5Fauthority) (not self-signed). * The requested or target domain name and hostname are in the certificate's **Common Name** or **Subject Alternative Name**. * The certificate chain is complete - the origin server must serve the leaf certificate along with any required intermediate CA certificates so that Cloudflare can build a trusted chain to a root CA. * Your origin web server accepts connections over port SSL port `443`. * [Temporarily pause Cloudflare](https://developers.cloudflare.com/fundamentals/manage-domains/pause-cloudflare/) and visit [https://www.sslshopper.com/ssl-checker.html#hostname=www.example.com ↗](https://www.sslshopper.com/ssl-checker.html#hostname=www.example.com) (replace `www.example.com` with your hostname and domain) to verify no issues exists with the origin SSL certificate: ![Screen showing an SSL certificate with no errors.](https://developers.cloudflare.com/_astro/hc-import-troubleshooting_5xx_errors_sslshopper_output.B54TP_B1_kRIBu.webp) ### Error 526 in the Zero Trust context When using [Cloudflare Gateway](https://developers.cloudflare.com/cloudflare-one/traffic-policies/), an HTTP Error `526` might be returned in the [following cases](https://developers.cloudflare.com/cloudflare-one/traffic-policies/troubleshooting/#error-526-invalid-ssl-certificate): * **An untrusted certificate is presented from the origin to Gateway.** Gateway will consider a certificate is untrusted if any of these conditions are true: * The server certificate issuer is unknown or is not trusted by the service. * The server certificate is revoked and fails a CRL check. * There is at least one expired certificate in the certificate chain for the server certificate. * The common name on the certificate does not match the URL you are trying to reach. * The common name on the certificate contains invalid characters (such as underscores). Gateway uses [BoringSSL ↗](https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&Vendor=Google&CertificateStatus=Active&ValidationYear=0) to validate certificates. Chrome's [validation logic ↗](https://chromium.googlesource.com/chromium/src/+/refs/heads/main/net/cert/x509%5Fcertificate.cc#429) allows non-RFC 1305 compliant certificates, which is why the website may load when you turn off WARP. * **The connection from Gateway to the origin is insecure.** Gateway does not trust origins which: * Only offer insecure cipher suites (such as RC4, RC4-MD5, or 3DES). You can use the [SSL Server Test tool ↗](https://www.ssllabs.com/ssltest/index.html) to check which ciphers are supported by the origin. * Do not support [FIPS-compliant ciphers](https://developers.cloudflare.com/cloudflare-one/traffic-policies/http-policies/tls-decryption/#cipher-suites) (if you have enabled [FIPS compliance mode](https://developers.cloudflare.com/cloudflare-one/traffic-policies/http-policies/tls-decryption/#fips-compliance)). In order to load the page, you can either disable FIPS mode or create a Do Not Inspect policy for this host (which has the effect of disabling FIPS compliance for this origin). * Redirect all HTTPS requests to HTTP. ### Error 526 in the Workers context Workers subrequests to any hostname outside your Cloudflare zone that is not proxied by Cloudflare are always made using the **[Full (strict)](https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/full-strict/)** SSL mode, regardless of the Workers zone configuration. #### Resolution * Make sure the SSL certificate configured at the origin is valid. * Add your self-signed SSL certificate to the [Custom Origin Trust Store](https://developers.cloudflare.com/ssl/origin-configuration/custom-origin-trust-store/) and enable the [cots\_on\_external\_fetch compatibility flag](https://developers.cloudflare.com/workers/configuration/compatibility-flags/#do-not-use-the-custom-origin-trust-store-for-external-subrequests) in your Worker's configuration. This flag enables the use of the [Custom Origin Trust Store](https://developers.cloudflare.com/ssl/origin-configuration/custom-origin-trust-store/) when making external (grey-clouded) subrequests from a Cloudflare Worker. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-526/","name":"Error 526"}}]} ``` --- --- title: Error 530 description: This error indicates that Cloudflare is unable to resolve the origin hostname, preventing it from establishing a connection to the origin server. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Error 530 ## Error 530 This error indicates that Cloudflare is unable to resolve the origin hostname, preventing it from establishing a connection to the origin server. ### Common causes An HTTP error `530` is returned when Cloudflare is encountering an issue resolving the origin hostname. In this case the body of the response contains an [1XXX error](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/) code. ### Resolution Refer to the specific [1XXX error](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/) for troubleshooting information. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/http-status-codes/","name":"HTTP Status Codes"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/","name":"Cloudflare 5xx errors"}},{"@type":"ListItem","position":6,"item":{"@id":"/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-530/","name":"Error 530"}}]} ``` --- --- title: Restoring original visitor IPs description: When your website traffic is routed through the Cloudflare network, we act as a reverse proxy. This allows Cloudflare to speed up page load time by routing packets more efficiently and caching static resources (images, JavaScript, CSS, etc.). As a result, when responding to requests and logging them, your origin server returns a Cloudflare IP address. image: https://developers.cloudflare.com/core-services-preview.png --- [Skip to content](#%5Ftop) Was this helpful? YesNo Copy page # Restoring original visitor IPs When your [website traffic is routed through the Cloudflare network](https://developers.cloudflare.com/fundamentals/concepts/how-cloudflare-works/), we act as a reverse proxy. This allows Cloudflare to speed up page load time by routing packets more efficiently and caching static resources (images, JavaScript, CSS, etc.). As a result, when responding to requests and logging them, your origin server returns a [Cloudflare IP address ↗](https://www.cloudflare.com/ips/). For example, if you install applications that depend on the incoming IP address of the original visitor, a Cloudflare IP address is logged by default. The original visitor IP address appears in an appended HTTP header called [CF-Connecting-IP](https://developers.cloudflare.com/fundamentals/reference/http-headers/#cf-connecting-ip). By following our [web server instructions](#web-server-instructions), you can log the original visitor IP address at your origin server. If this HTTP header is not available when requests reach your origin server, check your [Transform Rules](https://developers.cloudflare.com/rules/transform/) and [Managed Transforms](https://developers.cloudflare.com/rules/transform/managed-transforms/) configuration. Note If **Pseudo IPv4** is set to `Overwrite Headers` \- Cloudflare overwrites the existing `Cf-Connecting-IP` and `X-Forwarded-For` headers with a pseudo IPv4 address while preserving the real IPv6 address in `CF-Connecting-IPv6` header. The diagram below illustrates the different ways that IP addresses are handled with and without Cloudflare. ![The diagram illustrates the different ways that IP addresses are handled with and without Cloudflare.](https://developers.cloudflare.com/_astro/Restoring_IPs__1_.D3FkNFbK_1Dz2yl.webp) Warning Cloudflare no longer updates and supports _mod\_cloudflare_, starting with versions **Debian 9** and **Ubuntu 18.04 LTS** of the Linux operating system. We now recommend[_mod\_remoteip_ ↗](https://httpd.apache.org/docs/2.4/mod/mod%5Fremoteip.html)for customers using Apache web servers. Customers who are interested in building the _mod\_cloudflare_ package can [download the codebase ↗](https://github.com/cloudflare/mod%5Fcloudflare) from GitHub. --- ## mod\_remoteip Cloudflare no longer updates and supports _mod\_cloudflare._ However, if you are using an Apache web server with an operating system such as **Ubuntu Server 18.04** and **Debian 9 Stretch**, you can use _mod\_remoteip_ to log your visitor’s original IP address. **As this module was created by an outside party, we can't provide technical support for issues related to the plugin.** To install _mod\_remoteip_ on your Apache web server: 1. Enable _mod\_remoteip_ by issuing the following command: Terminal window ``` sudo a2enmod remoteip ``` 1. Update the site configuration to include _RemoteIPHeader CF-Connecting-IP_, e.g. `/etc/apache2/sites-available/000-default.conf` ``` ServerAdmin webmaster@localhost DocumentRoot /var/www/html ServerName remoteip.andy.support RemoteIPHeader CF-Connecting-IP ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ``` 1. Update combined _LogFormat_ entry in `apache.conf`, replacing _%h_ with _%a in_ `/etc/apache2/apache2.conf.` For example, if your current _LogFormat_ appeared as follows ``` LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined ``` you would update _LogFormat_ to the following: ``` LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined ``` 1. Define trusted proxy addresses by creating `/etc/apache2/conf-available/remoteip.conf` by entering the following code and [Cloudflare IPs ↗](https://www.cloudflare.com/ips/): ``` RemoteIPHeader CF-Connecting-IP RemoteIPTrustedProxy 192.0.2.1 (example IP address) RemoteIPTrustedProxy 192.0.2.2 (example IP address) (repeat for all Cloudflare IPs listed at https://www.cloudflare.com/ips/) ``` 1. Enable Apache configuration: Terminal window ``` sudo a2enconf remoteip ``` ``` Enabling conf remoteip. To activate the new configuration, you need to run: service apache2 reload ``` 1. Test Apache configuration: Terminal window ``` sudo apache2ctl configtest ``` ``` Syntax OK ``` 1. Restart Apache: Terminal window ``` sudo systemctl restart apache2 ``` Note For more information on _mod\_remoteip_, refer to the [Apache documentation ↗](https://httpd.apache.org/docs/2.4/mod/mod%5Fremoteip.html "Apache Module mod_remoteip"). --- ## mod\_cloudflare Warning Cloudflare no longer updates and supports _mod\_cloudflare_, starting with versions **Debian 9** and **Ubuntu 18.04 LTS** of the Linux operating system. We now recommend[_mod\_remoteip_ ↗](https://httpd.apache.org/docs/2.4/mod/mod%5Fremoteip.html)for customers using Apache web servers. Customers who are interested in building the _mod\_cloudflare_ package can [download the codebase ↗](https://github.com/cloudflare/mod%5Fcloudflare) from GitHub. ### Installing There are two methods for installing mod\_cloudflare: by downloading the Apache extension from GitHub or by adding code to your origin web server. #### Downloading packets or scripts from GitHub If you are using an Apache web server, you can download mod\_cloudflare from [GitHub ↗](https://github.com/cloudflare/mod%5Fcloudflare). #### Adding code to your origin web server If you can't install mod\_cloudflare, or if there is no Cloudflare plugin available for your content management system platform to restore original visitor IP, add this code to your origin web server in or before the `` tag on any page that needs the original visitor IPs: ``` ``` This command will only make the IP address available to scripts that need it. It doesn’t store the IP in your actual server logs. ### Removing #### Apache To remove _mod\_cloudflare_, you should comment out the Apache config line that loads _mod\_cloudflare_. This varies based on your Linux distribution, but for most people, if you look `in /etc/apache2`, you should be able to search to find the line: `LoadModule cloudflare_module` Comment or remove this line, then restart apache, and _mod\_cloudflare_ should be gone. If you are running Ubuntu or Debian, you should see. `file/etc/apache2/mods-enabled/cloudflare.load` delete this file to remove _mod\_cloudflare_, then restart Apache. #### Nginx _mod\_cloudflare_ is not needed for Nginx. Use the [ngx\_http\_realip\_module NGINX module ↗](http://nginx.org/en/docs/http/ngx%5Fhttp%5Frealip%5Fmodule.html) and the configuration parameters described in the [Web server instructions ↗](https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/#web-server-instructions) instead. --- ## Web server instructions Refer below for instructions on how to configure your web server to log original visitor IPs based on your web server type: ### Apache 2.4 Warning Cloudflare no longer updates and supports _mod\_cloudflare_, starting with versions **Debian 9** and **Ubuntu 18.04 LTS** of the Linux operating system. We now recommend[_mod\_remoteip_ ↗](https://httpd.apache.org/docs/2.4/mod/mod%5Fremoteip.html)for customers using Apache web servers. Customers who are interested in building the _mod\_cloudflare_ package can [download the codebase ↗](https://github.com/cloudflare/mod%5Fcloudflare) from GitHub. 1. Make sure the following is installed: * Red Hat/Fedora`sudo yum install httpd-devel libtool git` * Debian/Ubuntu`sudo apt-get install apache2-dev libtool git` 2. Clone the following for the most recent build of _mod\_cloudflare_: * Red Hat/Fedora/Debian/Ubuntu:`git clone https://github.com/cloudflare/mod_cloudflare.git; cd mod_cloudflare` 3. Use the Apache extension tool to convert the .c file into a module: * Red Hat/Fedora/Debian/Ubuntu:`apxs -a -i -c mod_cloudflare.c` 4. Restart and verify the module is active: * Red Hat/Fedora`service httpd restart; httpd -M|grep cloudflare` * Debian/Ubuntu:`sudo apachectl restart; apache2ctl -M|grep cloudflare` 5. If your web server is behind a load balancer, add the following line to your Apache configuration (httpd.conf usually) and replace 123.123.123.123 with your load balancer's IP address: ``` IfModule cloudflare_module CloudFlareRemoteIPHeader X-Forwarded-For CloudFlareRemoteIPTrustedProxy [insert your load balancer’s IP address] DenyAllButCloudFlare /IfModule ``` ### Nginx Use the [ngx\_http\_realip\_module Nginx module ↗](http://nginx.org/en/docs/http/ngx%5Fhttp%5Frealip%5Fmodule.html) and the following configuration parameters: ``` #example IP address set_real_ip_from 192.0.2.1; #use any of the following two real_ip_header CF-Connecting-IP; #real_ip_header X-Forwarded-For; ``` That list of prefixes needs to be updated regularly, and we publish the full list in [Cloudflare IP addresses ↗](https://www.cloudflare.com/ips). Note To Include the original visitor IP in your logs, add the variables $http\_cf\_connecting\_ip and $http\_x\_forwarded\_for in the log\_format directive. Also refer to: [Cloudflare and NGINX ↗](https://danielmiessler.com/blog/getting-real-ip-addresses-using-cloudflare-nginx-and-varnish/). ### EasyApache and cPanel Warning Cloudflare no longer updates and supports _mod\_cloudflare_, starting with versions **Debian 9** and **Ubuntu 18.04 LTS** of the Linux operating system. We now recommend[_mod\_remoteip_ ↗](https://httpd.apache.org/docs/2.4/mod/mod%5Fremoteip.html)for customers using Apache web servers. Customers who are interested in building the _mod\_cloudflare_ package can [download the codebase ↗](https://github.com/cloudflare/mod%5Fcloudflare) from GitHub. 1. Run the following script to install mod\_cloudflare as part of EasyApache: `bash <(curl -s https://raw.githubusercontent.com/cloudflare/mod_cloudflare/master/EasyApache/installer.sh)` 2. Upon installing, you will need to recompile your Apache with the new mod\_cloudflare plugin. 3. To fix this, open up your Apache configuration. This can typically be found in `/etc/apache2/apache2.conf`, `/etc/httpd/httpd.conf`, `/usr/local/apache/conf/httpd.conf` or another location depending on configuration. If you're unsure, ask your hosting provider. 4. At the very end add:`CloudflareRemoteIPTrustedProxy {LOOPBACK_ADDRESS}` So, if your server is located at 127.0.0.1, it will look like:`CloudflareRemoteIPTrustedProxy 127.0.0.1` 5. If you have more than one server to add to the trusted proxy list, you can add them at the end: CloudflareRemoteIPTrustedProxy 127.0.0.1 127.0.0.2 ### Lighttpd To have Lighttpd automatically rewrite the server IP for the access logs and for your application, you can follow one of the two solutions below. 1. Open your **lighttpd.conf** file and add _mod\_extforward_ to the _server.modules_ list. It must come **after** _mod\_accesslog_ to show the real IP in the access logs 2. Add the following code block anywhere in the **lighttpd.conf** file after the server modules list and then restart Lighttpd ``` $HTTP["remoteip"] == "192.2.0.1 (example IP address)" { extforward.forwarder = ( "all" => "trust" ) extforward.headers = ("CF-Connecting-IP") } ``` Note If your origin connects to the Internet with IPv6,**$HTTP\["remoteip"\]**, which is required for matching the remote IP ranges does not work when IPv6 is enabled. Using the above method will not work when trying to forward IP ranges. Add the following lines to lighttpd.conf as an alternative solution:`extforward.forwarder = ( "all" => "trust" ) extforward.headers = ("CF-Connecting-IP")` ### LiteSpeed server 1. Go to your LiteSpeed Web Admin Console. 2. Enable the option Use Client IP in Header in Configuration. 3. Once enabled, your access logs will now show the correct IP addresses, and even PHP's `$_SERVER['REMOTE_ADDR']` variable will contain the client real IP address, instead of a Cloudflare IP address, which in itself will resolve most problems you could hit when enabling Cloudflare on PHP-enabled web sites (like WordPress or vBulletin installs). ### Microsoft IIS #### For IIS 7 - 8: Follow the directions in the [Microsoft Community ↗](https://techcommunity.microsoft.com/t5/iis-support-blog/how-to-use-x-forwarded-for-header-to-log-actual-client-ip/ba-p/873115). #### For IIS 8.5 - 10: From IIS 8.5 onwards, custom logging is a built-in option. Refer to [IIS Enhanced Logging ↗](http://www.iis.net/learn/get-started/whats-new-in-iis-85/enhanced-logging-for-iis85). 1. In IIS Manager, double click on **Logging** in the _Actions_ menu of the site you are working on. 2. After this launches, select **W3C** as the format and then click **Select Fields** next to the format drop-down in the _Log File_ sub-section. 3. Click on **Add Field** and add in _CF-Connecting-IP_ header. 4. Click **Ok**. You should see your new entry reflected under **Custom Fields**. Click on **Apply** when you are back in the _Logging_ window. 5. If this is successful, the log file should now have an underscore:You should also see the change in the fields: 6. Restart the site, then W3SVC, then the entire instance if the change doesn’t reflect immediately.When using enhanced logging in IIS 8.5+, it **does not restore** original visitor IP at the application level. ### Tomcat 7 To have Tomcat7 automatically restore the original visitor IP to your access logs and application you will need to add `%{CF-Connecting-IP}i` into your log schema. As an example, you could add the below block to your `server.xml` file. ``` ``` Which would result in your logs looking like this: `Visitor IP - Cloudflare IP - [04/Dec/2014:23:18:15 -0500] - "GET / HTTP/1.1" - 200 - 1895 - 193d704b85200296-SJC` ### Magento Refer to this third-party tutorial on restoring original visitor IP with [Magento and Cloudflare ↗](https://tall-paul.co.uk/2012/03/02/magento-show-remote-ip-when-using-cloudflare/). Similarly, Cloudflare did not write this [Magento extension ↗](https://marketplace.magento.com/), but some of our customers have found it helpful. As this plugin was created by an outside party, we can't provide technical support for issues related to the plugin. ### IPB (Invision Power Board) To enable correct IP matching when running an Invision Power Board 3 installation through Cloudflare, follow these directions: Log into your IPB installation's ACP. 1. Click **System**. 2. Under Overview, click **Security**. 3. Under Security Center, click **Security Settings**.Check that _Trust IP addresses provided by proxies?_ is green. #### IPB4 description of _Trust IP addresses provided by proxies?_ If your network environment means requests are handled through a proxy (such as in an intranet situation in an office or university, or on a load-balanced server cluster), you may need to enable this setting so that the correct IP address is used. However, when enabled, a malicious user can abuse the system to provide a fake IP address. In most environments, this setting should be left off. ### PHPBB If you are using an Apache server, then we would recommend installing [mod\_remoteip ↗](https://httpd.apache.org/docs/2.4/mod/mod%5Fremoteip.html) to restore the visitor IP back to your logs. If you do not have access to your server to install a mod, then you may be able to [modify the core ↗](https://www.phpbb.com/community/viewtopic.php?p=13936406#p13936406). ### MyBB forums More recent versions of MyBB include a Scrutinize User's IP address option. `Admin CP > Configuration > Server and Optimization Options > Scrutinize User's IP address? > Yes` Alternatively, you may install the [Cloudflare management plugin ↗](https://mods.mybb.com/view/antoligy-mybb-cloudflare-management-plugin) available for MyBB 1.6. #### MyBB 1.6.0, 1.6.1, 1.6.2, or 1.6.3 1. Navigate to `./inc/functions.php`. 2. Go to line 2790. 3. Replace:`if(isset($_SERVER['REMOTE_ADDR']))`With:`if(isset($_SERVER['HTTP_CF_CONNECTING_IP']))` 4. Then, replace:`$ip = $_SERVER['REMOTE_ADDR'];`With:`$ip = $_SERVER['HTTP_CF_CONNECTING_IP'];` ### Vanilla forums A member of the Vanilla team has written a [Cloudflare plugin for Vanilla ↗](https://open.vanillaforums.com/addon/cloudflaresupport-plugin) to restore original visitor IP to the log files for self-hosted sites. As this plugin was created by an outside party, we can't provide technical support for issues related to the plugin.MediaWiki 1. Open `includes/GlobalFunctions.php`. At approximately line 370, change the following:`$forward = "\t(proxied via {$_SERVER['REMOTE_ADDR']}{$forward})";`to`$forward = "\t(proxied via {$_SERVER['HTTP_CF_CONNECTING_IP']}{$forward})";` 2. Open `includes/ProxyTools.php`. At approximately line 79, find:`if ( isset( $_SERVER['REMOTE_ADDR'] ) ){`and replace with:`if ( isset( $_SERVER['HTTP_CF_CONNECTING_IP'] ) ){`The second step only applies to MediaWiki versions 1.18.0 and older. Newer versions of MediaWiki have completely rewritten ProxyTools.php and the following code is no longer present. 3. Find at approximately line 80:`$ipchain = array( IP::canonicalize($_SERVER['REMOTE_ADDR']) );`Save and upload to your origin web server. #### For versions around 1.27.1: 1. Go to line 1232 in `GlobalFunctions.php`, change `REMOTE_ADDR` to `HTTP_CF_CONNECTING_IP`. 2. Next, go to `WebRequest.php`, in lines 1151 to line 1159, change `REMOTE_ADDR` to `HTTP_CF_CONNECTING_IP`. ### XenForo A XenForo user has created a [plugin for Cloudflare ↗](https://xenforo.com/community/resources/solidmean-cloudflare-detect.1595/). As this plugin was created by an outside party, we can't provide technical support for issues related to the plugin. 1. Open `library/config.php`. 2. At the end, add:`if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];}` 3. Upload and overwrite. ### PunBB An outside party has created a [module for Cloudflare and PunBB ↗](http://punbb.informer.com/forums/post/147539/#p147539) that will restore original visitor IP. As this plugin was created by an outside party, we can't provide technical support for issues related to the plugin.Cherokee server 1. Launch `cherokee-admin` on your server. 2. Navigate to the **Cherokee Administration interface** in your web browser. 3. Select the **Virtual Server** for the domain that is being serviced by Cloudflare. 4. On the _Logging_ tab for your selected **Virtual Server**, enable Accept Forwarded IPs. 5. In the _Accept from Hosts_ box, enter [Cloudflare's IP addresses ↗](https://www.cloudflare.com/ips/). ### Livezilla You can fix the IP address by changing the `PHP IP Server Param` field on the Livezilla server configuration to `HTTP_CF_CONNECTING_IP`. ### Datalife Engine To restore visitor IP to DataLife Engine: 1. Open:/engine/inc/include/functions.inc.phpFind:`$db_ip_split = explode( ".", $_SERVER['REMOTE_ADDR'] );`Change to:`$db_ip_split = explode(".", $_SERVER['HTTP_CF_CONNECTING_IP'] );` 2. Find:`$ip_split = explode( ".", $_SERVER['REMOTE_ADDR'] );`Change to:`$ip_split = explode(".", $_SERVER['HTTP_CF_CONNECTING_IP'] );` 3. Open:/engine/modules/addcomments.phpFind:`$_SERVER['REMOTE_ADDR'],`Change to:`$_SERVER['HTTP_CF_CONNECTING_IP'],` 4. Find:`$db_ip_split = explode( ".", $_SERVER['REMOTE_ADDR'] );`Change to:`$db_ip_split = explode( ".", $_SERVER['HTTP_CF_CONNECTING_IP'] );` ### TYPO3 An outside developer has created a [Cloudflare extension for TYPO3 ↗](https://extensions.typo3.org/extension/cloudflare/) that will restore original visitor IP to your logs. The extension will also give the ability to clear your Cloudflare cache. As this plugin was created by an outside party, we can't provide technical support for issues related to the plugin. ### VestaCP If you use the hosting control panel VestaCP, you have both Nginx and Apache running on your server. Requests are proxied through Nginx before going to Apache. Because of this Nginx proxy, you actually need to follow the instructions to configure Nginx to return the real visitor IP address. [mod\_remoteip ↗](https://httpd.apache.org/docs/2.4/mod/mod%5Fremoteip.html) for Apache is not needed unless you disable the Nginx server for some requests. Adding [mod\_remoteip ↗](https://httpd.apache.org/docs/2.4/mod/mod%5Fremoteip.html) to Apache will not conflict with the Nginx server configuration. ### node.js An outside developer has created a module to restore visitor IP called [node\_cloudflare. ↗](https://github.com/keverw/node%5FCloudFlare) ### HAProxy In order to extract the original client IP in the X\_FORWARDED\_FOR header, you need to use the following configuration in HAProxy: 1. Create a text file `CF_ips.lst` containing all IP ranges from [https://www.cloudflare.com/en-gb/ips/ ↗](https://www.cloudflare.com/en-gb/ips/) 2. Ensure to disable `option forwardfor` in HAProxy HAProxy config: ``` acl from_cf src -f /path/to/CF_ips.lst acl cf_ip_hdr req.hdr(CF-Connecting-IP) -m found http-request set-header X-Forwarded-For %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr ``` ### Envoy Gateway To extract the original client IP for your Envoy Gateway, set a [Client Traffic Policy ↗](https://gateway.envoyproxy.io/latest/tasks/traffic/client-traffic-policy/#configure-client-ip-detection) to look for the custom [CF-Connecting-IP header](https://developers.cloudflare.com/fundamentals/reference/http-headers/#cf-connecting-ip). Truncated Client Traffic Policy example ``` clientIPDetection: customHeader: name: CF-Connecting-IP failClosed: true ``` For more details, refer to [Custom header original IP detection extension ↗](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/original%5Fip%5Fdetection/custom%5Fheader/v3/custom%5Fheader.proto). ### Caddy If you are running an application behind [Caddy ↗](https://caddyserver.com/) that relies on the `X-Forwarded-For` header, you can configure Caddy to override the header with Cloudflare's [CF-Connecting-IP header](https://developers.cloudflare.com/fundamentals/reference/http-headers/#cf-connecting-ip). It is advised that you also only accept traffic from [Cloudflare's IP addresses ↗](https://www.cloudflare.com/ips/); otherwise, the header could be spoofed. That's why, in the second example, we handle this as part of the Caddy configuration. Alternatively, you can handle this at the firewall level, which is usually easier to automate. If you already have a firewall or other measure in place to ensure this, your Caddyfile could look like this: Caddyfile ``` https://example.com { reverse_proxy localhost:8080 { # Sets X-Forwarded-For as the value Cloudflare gives us for CF-Connecting-IP. header_up X-Forwarded-For {http.request.header.CF-Connecting-IP} } } ``` If you want Caddy to handle only accepting traffic from [Cloudflare's IP addresses ↗](https://www.cloudflare.com/ips/), you can use a configuration like this one: Caddyfile ``` https://example.com { # Restrict access to Cloudflare IPs (https://www.cloudflare.com/ips/) @cloudflare { remote_ip 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32 } # Process requests from Cloudflare IPs handle @cloudflare { reverse_proxy localhost:8080 { # Sets X-Forwarded-For as the value Cloudflare gives us for CF-Connecting-IP. header_up X-Forwarded-For {http.request.header.CF-Connecting-IP} } } # Deny requests from non-Cloudflare IPs handle { respond "Access Denied" 403 } } ``` --- ## Related Resources * [Cloudflare HTTP headers](https://developers.cloudflare.com/fundamentals/reference/http-headers/) * [Transform Rules](https://developers.cloudflare.com/rules/transform/) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/support/","name":"Support"}},{"@type":"ListItem","position":3,"item":{"@id":"/support/troubleshooting/","name":"Troubleshooting"}},{"@type":"ListItem","position":4,"item":{"@id":"/support/troubleshooting/restoring-visitor-ips/","name":"Restoring Visitor IPs"}},{"@type":"ListItem","position":5,"item":{"@id":"/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/","name":"Restoring original visitor IPs"}}]} ```