{ "id": "policy/cloudflare-waf-custom-rule-blocked-legitimate-traffic", "signature": "Error 1010: The owner of this website has banned your access based on your browser's signature.", "signature_zh": "错误1010:此网站的所有者已根据您浏览器的签名禁止了您的访问。", "regex": "Error 1010: The owner of this website has banned your access based on your browser's signature\\.", "domain": "policy", "category": "network_error", "subcategory": null, "root_cause": "A Cloudflare WAF custom rule or firewall rule is blocking traffic based on a specific browser signature or user-agent, incorrectly classifying legitimate requests as malicious.", "root_cause_type": "generic", "root_cause_zh": "Cloudflare WAF自定义规则或防火墙规则基于特定的浏览器签名或用户代理阻止流量,错误地将合法请求归类为恶意请求。", "versions": [ { "version": "Cloudflare WAF 2023-01-01", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "Cloudflare Firewall Rules 2023-03-01", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" } ], "os_specific": {}, "dead_ends": [ { "action": "", "why_fails": "This removes all security protections, leaving the site vulnerable to attacks. It also does not address the root cause of why legitimate traffic was blocked.", "fail_rate": 0.7, "condition": "", "sources": [] }, { "action": "", "why_fails": "The block is based on the browser's signature (e.g., User-Agent, TLS fingerprint), which is not affected by cache or cookies.", "fail_rate": 0.9, "condition": "", "sources": [] }, { "action": "", "why_fails": "If the rule is based on browser signature rather than IP, changing the IP will not bypass the block.", "fail_rate": 0.6, "condition": "", "sources": [] } ], "workarounds": [ { "action": "Identify the specific WAF rule causing the block via Cloudflare Analytics: Log in to Cloudflare dashboard > Security > Events > Filter by RayID. Then modify or disable that rule. For example, if the rule blocks User-Agent 'BadBot', update it to allow 'Mozilla/5.0'.", "success_rate": 0.85, "how": "Identify the specific WAF rule causing the block via Cloudflare Analytics: Log in to Cloudflare dashboard > Security > Events > Filter by RayID. Then modify or disable that rule. For example, if the rule blocks User-Agent 'BadBot', update it to allow 'Mozilla/5.0'.", "condition": "", "sources": [] }, { "action": "Add a firewall rule to bypass WAF for specific trusted IPs or user-agents: `curl -X POST https://api.cloudflare.com/client/v4/zones/ZONE_ID/firewall/rules --header \"Authorization: Bearer API_TOKEN\" --data '{\"filter\":{\"expression\":\"(ip.src eq 192.0.2.1)\",\"paused\":false},\"action\":\"bypass\",\"priority\":1}'`.", "success_rate": 0.8, "how": "Add a firewall rule to bypass WAF for specific trusted IPs or user-agents: `curl -X POST https://api.cloudflare.com/client/v4/zones/ZONE_ID/firewall/rules --header \"Authorization: Bearer API_TOKEN\" --data '{\"filter\":{\"expression\":\"(ip.src eq 192.0.2.1)\",\"paused\":false},\"action\":\"bypass\",\"priority\":1}'`.", "condition": "", "sources": [] }, { "action": "Use Cloudflare's 'Under Attack' mode temporarily and then switch to a custom rule that uses rate limiting instead of browser signature checks: `curl -X PATCH https://api.cloudflare.com/client/v4/zones/ZONE_ID/settings/security_level --header \"Authorization: Bearer API_TOKEN\" --data '{\"value\":\"under_attack\"}'`.", "success_rate": 0.75, "how": "Use Cloudflare's 'Under Attack' mode temporarily and then switch to a custom rule that uses rate limiting instead of browser signature checks: `curl -X PATCH https://api.cloudflare.com/client/v4/zones/ZONE_ID/settings/security_level --header \"Authorization: Bearer API_TOKEN\" --data '{\"value\":\"under_attack\"}'`.", "condition": "", "sources": [] } ], "workarounds_zh": [ "Identify the specific WAF rule causing the block via Cloudflare Analytics: Log in to Cloudflare dashboard > Security > Events > Filter by RayID. Then modify or disable that rule. For example, if the rule blocks User-Agent 'BadBot', update it to allow 'Mozilla/5.0'.", "Add a firewall rule to bypass WAF for specific trusted IPs or user-agents: `curl -X POST https://api.cloudflare.com/client/v4/zones/ZONE_ID/firewall/rules --header \"Authorization: Bearer API_TOKEN\" --data '{\"filter\":{\"expression\":\"(ip.src eq 192.0.2.1)\",\"paused\":false},\"action\":\"bypass\",\"priority\":1}'`.", "Use Cloudflare's 'Under Attack' mode temporarily and then switch to a custom rule that uses rate limiting instead of browser signature checks: `curl -X PATCH https://api.cloudflare.com/client/v4/zones/ZONE_ID/settings/security_level --header \"Authorization: Bearer API_TOKEN\" --data '{\"value\":\"under_attack\"}'`." ], "transition_graph": { "leads_to": [], "preceded_by": [], "frequently_confused_with": [] }, "official_doc_url": "https://developers.cloudflare.com/waf/troubleshooting/", "official_doc_section": null, "error_code": "1010", "verification_tier": "ai_generated", "confidence": 0.86, "fix_success_rate": 0.85, "resolvable": "true", "first_seen": "2023-02-28", "last_confirmed": "2024-06-01", "last_updated": "2024-06-01", "evidence_count": 1, "tags": [], "locale": "en", "aliases": [] }