Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Errors] Update 4xx-client-error.mdx #18887

Open
wants to merge 1 commit into
base: production
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -41,15 +41,23 @@ If you're seeing a 403 error without Cloudflare branding, this is always retur
2. Mod\_security rules
3. IP deny rules. You need to make sure that [Cloudflare's IP ranges](https://www.cloudflare.com/ips) aren't being blocked

### Cloudflare-specific information

Cloudflare will serve 403 responses if the request violated either a default WAF managed rule enabled for all orange-clouded Cloudflare domains or a WAF managed rule enabled for that particular zone. Read more at [WAF Managed Rules](/waf/managed-rules/).

If you're seeing a 403 response that contains Cloudflare branding in the response body, this is the HTTP response code returned along with many of our security features:

* [WAF Custom or Managed Rules](/waf/) with the challenge or block action
* [Security Level](/waf/tools/security-level/), that is set to Medium by default
* [DDoS Protection](/ddos-protection/), that is enabled by default on zones onboarded to Cloudflare, IP applications onboarded to Spectrum, and IP Prefixes onboarded to Magic Transit
* Most [1xxx Cloudflare error codes](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors/)
* The [Browser Integrity Check](/waf/tools/browser-integrity-check/)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* [Validation Checks](/waf/analytics/security-events/additional-information/)

Cloudflare will also served blank 403 error pages in the following 2 cases. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Cloudflare will also served blank 403 error pages in the following 2 cases. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded.
Cloudflare will also serve an unstyled 403 error page in the following case. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Cloudflare will also served blank 403 error pages in the following 2 cases. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded.
Cloudflare will also serve blank 403 error pages in the following 2 cases. These errors are not logged, as they occur early in Cloudflare's infrastructure, before the configuration for the domains has been loaded.


* [SNI](https://www.cloudflare.com/learning/ssl/what-is-sni/) mismatch: an error 403 is returned if there is a mismatch caused by the client sending a different host to the SNI
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* [SNI](https://www.cloudflare.com/learning/ssl/what-is-sni/) mismatch: an error 403 is returned if there is a mismatch caused by the client sending a different host to the SNI
* [SNI](https://www.cloudflare.com/learning/ssl/what-is-sni/) mismatch: a 403 error is returned if there is a mismatch caused by the client sending a different host to the SNI

* [Validation Checks](/waf/analytics/security-events/additional-information/)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* [Validation Checks](/waf/analytics/security-events/additional-information/)


## **404 Not Found ([RFC7231](https://tools.ietf.org/html/rfc7231))**

Origin server was unable or unwilling to find the resource requested. This usually means the host server could not find the resource. To serve a more permanent version of this error one should use a 410 error code.
Expand Down
Loading