-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Errors] Update 4xx-client-error.mdx #18887
base: production
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
@@ -41,15 +41,23 @@ If you're seeing a 403 error without Cloudflare branding, this is always retur | |||||||||
2. Mod\_security rules | ||||||||||
3. IP deny rules. You need to make sure that [Cloudflare's IP ranges](https://www.cloudflare.com/ips) aren't being blocked | ||||||||||
|
||||||||||
### Cloudflare-specific information | ||||||||||
|
||||||||||
Cloudflare will serve 403 responses if the request violated either a default WAF managed rule enabled for all orange-clouded Cloudflare domains or a WAF managed rule enabled for that particular zone. Read more at [WAF Managed Rules](/waf/managed-rules/). | ||||||||||
|
||||||||||
If you're seeing a 403 response that contains Cloudflare branding in the response body, this is the HTTP response code returned along with many of our security features: | ||||||||||
|
||||||||||
* [WAF Custom or Managed Rules](/waf/) with the challenge or block action | ||||||||||
* [Security Level](/waf/tools/security-level/), that is set to Medium by default | ||||||||||
* [DDoS Protection](/ddos-protection/), that is enabled by default on zones onboarded to Cloudflare, IP applications onboarded to Spectrum, and IP Prefixes onboarded to Magic Transit | ||||||||||
* Most [1xxx Cloudflare error codes](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors/) | ||||||||||
* The [Browser Integrity Check](/waf/tools/browser-integrity-check/) | ||||||||||
|
||||||||||
Cloudflare will also served blank 403 error pages in the following 2 cases. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded. | ||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||||||
|
||||||||||
* [SNI](https://www.cloudflare.com/learning/ssl/what-is-sni/) mismatch: an error 403 is returned if there is a mismatch caused by the client sending a different host to the SNI | ||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||||||
* [Validation Checks](/waf/analytics/security-events/additional-information/) | ||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||||||
|
||||||||||
## **404 Not Found ([RFC7231](https://tools.ietf.org/html/rfc7231))** | ||||||||||
|
||||||||||
Origin server was unable or unwilling to find the resource requested. This usually means the host server could not find the resource. To serve a more permanent version of this error one should use a 410 error code. | ||||||||||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.