Error 1010: The owner of this website has banned your access based on your browser's signature.
ID: policy/cloudflare-waf-custom-rule-blocked-legitimate-traffic
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Cloudflare WAF 2023-01-01 | active | — | — | — |
| Cloudflare Firewall Rules 2023-03-01 | active | — | — | — |
Root cause analysis
A Cloudflare WAF custom rule or firewall rule is blocking traffic based on a specific browser signature or user-agent, incorrectly classifying legitimate requests as malicious.
Official documentation
https://developers.cloudflare.com/waf/troubleshooting/
Solutions
- Identify the specific WAF rule causing the block via Cloudflare Analytics: log in to the Cloudflare dashboard > Security > Events > filter by RayID. Then modify or disable that rule. For example, if the rule blocks User-Agent 'BadBot', update it to allow 'Mozilla/5.0'.
- Add a firewall rule to bypass WAF for specific trusted IPs or user-agents: `curl -X POST https://api.cloudflare.com/client/v4/zones/ZONE_ID/firewall/rules --header "Authorization: Bearer API_TOKEN" --header "Content-Type: application/json" --data '[{"filter":{"expression":"(ip.src eq 192.0.2.1)","paused":false},"action":"bypass","products":["waf"],"priority":1}]'`. Keep the expression as narrow as possible; a User-Agent value is client-supplied, so an IP match is the stronger condition.
- Use Cloudflare's 'Under Attack' mode temporarily and then switch to a custom rule that uses rate limiting instead of browser signature checks: `curl -X PATCH https://api.cloudflare.com/client/v4/zones/ZONE_ID/settings/security_level --header "Authorization: Bearer API_TOKEN" --header "Content-Type: application/json" --data '{"value":"under_attack"}'`.
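
To support the first step above, this added example (not Cloudflare's or this page's own code) takes exported firewall events, finds the rule that blocked a reported Ray ID, and measures how much browser-like traffic that rule is blocking overall. The sample events, Ray IDs, rule IDs and the field names `RayID`, `Action`, `RuleID` and `ClientRequestUserAgent` are assumptions; adjust them to the export you have.

```python
import json
from collections import Counter

# Constructed sample, shaped like newline-delimited firewall event exports.
# Field names (RayID, Action, RuleID, ClientRequestUserAgent) are assumptions;
# rename them to match the export you actually have.
SAMPLE_EVENTS = """
{"RayID": "ray-0001", "Action": "block", "RuleID": "rule-ua", "ClientRequestUserAgent": "BadBot/1.0"}
{"RayID": "ray-0002", "Action": "block", "RuleID": "rule-ua", "ClientRequestUserAgent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"}
{"RayID": "ray-0003", "Action": "block", "RuleID": "rule-ua", "ClientRequestUserAgent": "Mozilla/5.0 (Windows NT 10.0) Chrome/114.0"}
{"RayID": "ray-0004", "Action": "block", "RuleID": "rule-geo", "ClientRequestUserAgent": "curl/8.1.2"}
{"RayID": "ray-0005", "Action": "managed_challenge", "RuleID": "rule-ua", "ClientRequestUserAgent": "Mozilla/5.0 (Macintosh) Safari/605.1.15"}
{"RayID": "ray-0006", "Action": "block", "RuleID": "rule-ua", "ClientRequestUserAgent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"}
"""

def parse_events(text):
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def rules_for_ray(events, ray_id):
    """Rule IDs that blocked the request identified by the user's Ray ID."""
    return sorted({e["RuleID"] for e in events
                   if e["RayID"] == ray_id and e["Action"] == "block"})

def block_profile(events, rule_id, browser_prefix="Mozilla/5.0"):
    """Summarise what one rule blocks, to judge whether it is over-broad.

    browser_prefix is a rough heuristic only: the header is client-supplied,
    so a high share is a prompt to review the rule, not proof of legitimacy.
    """
    agents = Counter(e.get("ClientRequestUserAgent", "") for e in events
                     if e["RuleID"] == rule_id and e["Action"] == "block")
    total = sum(agents.values())
    browser_like = sum(n for ua, n in agents.items() if ua.startswith(browser_prefix))
    return {
        "rule_id": rule_id,
        "blocked": total,
        "browser_like": browser_like,
        "browser_like_share": round(browser_like / total, 2) if total else 0.0,
        "top_agents": agents.most_common(3),
    }

def triage(events, ray_id):
    """Profile every rule that blocked the reported Ray ID."""
    return [block_profile(events, rid) for rid in rules_for_ray(events, ray_id)]

if __name__ == "__main__":
    for profile in triage(parse_events(SAMPLE_EVENTS), "ray-0002"):
        print(json.dumps(profile, indent=2))
```

A rule whose blocks are mostly browser-like user agents is the candidate to narrow or rewrite before resorting to a bypass rule.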
Ineffective attempts
Common but ineffective approaches:
- 70% failure: This removes all security protections, leaving the site vulnerable to attacks. It also does not address the root cause of why legitimate traffic was blocked.
- 90% failure: The block is based on the browser's signature (e.g., User-Agent, TLS fingerprint), which is not affected by cache or cookies.
- 60% failure: If the rule is based on browser signature rather than IP, changing the IP will not bypass the block.