New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Errors] Update 4xx-client-error.mdx #18887

Open

ngayerie wants to merge 1 commit into production from ngayerie-patch-11

Contributor

ngayerie commented Dec 20, 2024 •

edited

Loading

Summary

Updating the 403 documentation to mention SNI mismatch and validation checks, PCX-15123


          Update 4xx-client-error.mdx

96c0379

ngayerie requested review from shanecloudflare, zeinjaber, TracyCloudflare and a team as code owners

December 20, 2024 12:42

github-actions bot assigned shanecloudflare

github-actions bot added the size/xs label

github-actions bot assigned TracyCloudflare and zeinjaber

github-actions bot added the product:support label

cloudflare-workers-and-pages bot commented Dec 20, 2024

Deploying cloudflare-docs with Cloudflare Pages

Latest commit:	`96c0379`
Status:	✅ Deploy successful!
Preview URL:	https://c0795f4a.cloudflare-docs-7ou.pages.dev
Branch Preview URL:	https://ngayerie-patch-11.cloudflare-docs-7ou.pages.dev

github-actions bot commented Dec 20, 2024

Files with changes (up to 15)

Original Link	Updated Link
https://developers.cloudflare.com/support/troubleshooting/http-status-codes/4xx-client-error/	https://ngayerie-patch-11.cloudflare-docs-7ou.pages.dev/support/troubleshooting/http-status-codes/4xx-client-error/

dom-cf reviewed

View reviewed changes

Contributor

dom-cf left a comment

Suggesting moving Validation to the standard 403 list as it returns a branded 1012 Access Denied.
The SNI/Host mismatch is the only scenario that returns an unstyled 403 as far as I am aware.

src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx

               Cloudflare will serve 403 responses if the request violated either a default WAF managed rule enabled for all orange-clouded Cloudflare domains or a WAF managed rule enabled for that particular zone. Read more at [WAF Managed Rules](/waf/managed-rules/).
               If you're seeing a 403 response that contains Cloudflare branding in the response body, this is the HTTP response code returned along with many of our security features:
               * [WAF Custom or Managed Rules](/waf/) with the challenge or block action
               * [Security Level](/waf/tools/security-level/), that is set to Medium by default
+              * [DDoS Protection](/ddos-protection/), that is enabled by default on zones onboarded to Cloudflare, IP applications onboarded to Spectrum, and IP Prefixes onboarded to Magic Transit
               * Most [1xxx Cloudflare error codes](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors/)
               * The [Browser Integrity Check](/waf/tools/browser-integrity-check/)

Contributor

dom-cf Dec 20, 2024

Suggested change

      
            * [Validation Checks](/waf/analytics/security-events/additional-information/)

src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx

               * Most [1xxx Cloudflare error codes](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors/)
               * The [Browser Integrity Check](/waf/tools/browser-integrity-check/)
+              Cloudflare will also served blank 403 error pages in the following 2 cases. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded.

Contributor

dom-cf Dec 20, 2024

Suggested change

      
            Cloudflare will also served blank 403 error pages in the following 2 cases. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded.
          
            Cloudflare will also serve an unstyled 403 error page in the following case. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded.

src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx

+              Cloudflare will also served blank 403 error pages in the following 2 cases. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded.
+              * [SNI](https://www.cloudflare.com/learning/ssl/what-is-sni/) mismatch: an error 403 is returned if there is a mismatch caused by the client sending a different host to the SNI
+              * [Validation Checks](/waf/analytics/security-events/additional-information/)

Contributor

dom-cf Dec 20, 2024

Suggested change

* [Validation Checks](/waf/analytics/security-events/additional-information/)

angelampcosta approved these changes

View reviewed changes

src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx

               * Most [1xxx Cloudflare error codes](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors/)
               * The [Browser Integrity Check](/waf/tools/browser-integrity-check/)
+              Cloudflare will also served blank 403 error pages in the following 2 cases. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded.

Contributor

angelampcosta Dec 20, 2024

Suggested change

      
            Cloudflare will also served blank 403 error pages in the following 2 cases. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded.
          
            Cloudflare will also serve blank 403 error pages in the following 2 cases. These errors are not logged, as they occur early in Cloudflare's infrastructure, before the configuration for the domains has been loaded.

src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx

               * Most [1xxx Cloudflare error codes](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors/)
               * The [Browser Integrity Check](/waf/tools/browser-integrity-check/)
+              Cloudflare will also served blank 403 error pages in the following 2 cases. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded.
+              * [SNI](https://www.cloudflare.com/learning/ssl/what-is-sni/) mismatch: an error 403 is returned if there is a mismatch caused by the client sending a different host to the SNI

Contributor

angelampcosta Dec 20, 2024

Suggested change

      
            * [SNI](https://www.cloudflare.com/learning/ssl/what-is-sni/) mismatch: an error 403 is returned if there is a mismatch caused by the client sending a different host to the SNI
          
            * [SNI](https://www.cloudflare.com/learning/ssl/what-is-sni/) mismatch: a 403 error is returned if there is a mismatch caused by the client sending a different host to the SNI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

dom-cf dom-cf left review comments

angelampcosta angelampcosta approved these changes

shanecloudflare Awaiting requested review from shanecloudflare shanecloudflare is a code owner

zeinjaber Awaiting requested review from zeinjaber zeinjaber is a code owner

TracyCloudflare Awaiting requested review from TracyCloudflare TracyCloudflare is a code owner

Labels

product:support size/xs