-
-
Notifications
You must be signed in to change notification settings - Fork 207
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cloudflare responds with 403 to requests for assets from subdomain #2286
Comments
The underlying issue is that I'm getting 403 errors from Cloudflare; for some reason I'm only getting them when assets are fetched from subdomains. |
@progval Can you send me the content of one of those 403 responses from Cloudflare? The IP address your requests are coming from could also help. You can send that information privately if you don't want to post them here, for example via email. |
From both 51.159.34.167 and 2001:bc8:6005:1c:208:a2ff:fe0c:6922. They are in a hosting provider's IP ranges, so Cloudflare is rather trigger-happy about them, but here I don't have the option to solve the captcha. |
So the problem is that Cloudflare is letting the initial request for the HTML page go through, but then challenges the sub-requests for the assets. This is unexpected behavior and might be considered a bug in Cloudflare's algorithms. I've changed the challenge from “Managed” to “JavaScript”. Can you try again to see if that challenge behaves differently? |
no visible change |
I have now whitelisted your IP addresses. Can you confirm that this workaround is effective? |
it is |
I've made improvements to the Cloudflare “Firewall rules” for the Cloudflare's weird behavior (challenging the sub-requests for static assets instead of the initial request for HTML) remains a concern. I'm leaving this issue open for possible future investigation of that problem. |
https://liberapay.com/ works fine for me, but when visiting https://fr.liberapay.com/ all icons are broken and the browser console is full of errors:
The text was updated successfully, but these errors were encountered: