Please follow this guide if you've configured an External HTTP URL that points to a website or API that runs behind Cloudflare.
Cloudflare is a leading CDN provider and is well-known for its DDoS challenge response screens:
Cloudflare challenge responses are designed to intercept the first request to a website, which is usually an HTML webpage.
Once the user has been verified, Cloudflare sets a cookie to skip challenge responses for subsequent requests, allowing images to be downloaded for the page, and for subsequent pages to be requested.
User makes an HTTP request to a Cloudflare-protected URL.
Cloudflare may return a challenge response:
Receiving a challenge response is considered normal and does not always indicate your browser's signature or your IP is suspicious.
The HTTP status code will always be 403, even if the response automatically passes (see below).
Redirect you automatically to the underlying webpage/asset.
Display a human captcha form.
Reject the request.
Cloudflare challenge responses are good for protecting URLs that are accessed by humans.
However, challenge responses often cause problems for URLs that are accessed by external services, like the Upload CDN:
Since the initial URL loaded by the Upload CDN is often an asset (e.g. an image) as opposed to a webpage, there is no way for the Upload CDN to forward the challenge response to the user, since the user won't see the challenge response due to the asset being loaded via an <img /> element as opposed to a browser tab.
The Upload CDN cannot adopt the user's existing Cloudflare session cookie, since this will be tied to your site's domain as opposed to the Upload CDN's domain.
The Upload CDN is likely to issue many concurrent requests on behalf of your users, especially for high-traffic sites, meaning Cloudflare is likely to trigger challenge responses more regularly.
We recommend pointing your External HTTP URL directly to your origin, as opposed to routing your requests via Cloudflare.
If this is not possible, you can whitelist the Upload CDN in your Cloudflare account to prevent challenge responses.
Please follow these steps:
Login to the Cloudflare Dashboard
Click on the website referenced by your External HTTP URL
Click "Rules" > "Configuration Rules"
Click "Create Rule"
Rule name: "Upload CDN Whitelist Rule"
When incoming requests match...
Select "Custom filter expression"
Field: "User Agent"
Note: this field is case sensitive.
Add "Browser Integrity Check" and set to OFF
Add "Hotlink Protection" and set to OFF
Add "Security Level" and set to OFF or ESSENTIALLY OFF
Additional steps for "Super Bot Fight Mode":
If your site has "Super Bot Fight Mode" enabled, then you may need to perform the above steps under Security > WAF > Custom Rules instead.
Please note: the Upload CDN performs its own DDoS protection and caching to protect your origin from distributed attacks.
These pages may also be helpful:
This website requires a modern web browser -- the latest versions of these browsers are supported: