# 错误1010：此网站的所有者已根据您浏览器的签名禁止了您的访问。

- **ID:** `policy/cloudflare-waf-custom-rule-blocked-legitimate-traffic`
- **领域:** policy
- **类别:** network_error
- **错误码:** `1010`
- **验证级别:** ai_generated
- **修复率:** 85%

## 根因

Cloudflare WAF自定义规则或防火墙规则基于特定的浏览器签名或用户代理阻止流量，错误地将合法请求归类为恶意请求。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| Cloudflare WAF 2023-01-01 | active | — | — |
| Cloudflare Firewall Rules 2023-03-01 | active | — | — |

## 解决方案

1. ```
   Identify the specific WAF rule causing the block via Cloudflare Analytics: Log in to Cloudflare dashboard > Security > Events > Filter by RayID. Then modify or disable that rule. For example, if the rule blocks User-Agent 'BadBot', update it to allow 'Mozilla/5.0'.
   ```
2. ```
   Add a firewall rule to bypass WAF for specific trusted IPs or user-agents: `curl -X POST https://api.cloudflare.com/client/v4/zones/ZONE_ID/firewall/rules --header "Authorization: Bearer API_TOKEN" --data '{"filter":{"expression":"(ip.src eq 192.0.2.1)","paused":false},"action":"bypass","priority":1}'`.
   ```
3. ```
   Use Cloudflare's 'Under Attack' mode temporarily and then switch to a custom rule that uses rate limiting instead of browser signature checks: `curl -X PATCH https://api.cloudflare.com/client/v4/zones/ZONE_ID/settings/security_level --header "Authorization: Bearer API_TOKEN" --data '{"value":"under_attack"}'`.
   ```

## 无效尝试

- **** — This removes all security protections, leaving the site vulnerable to attacks. It also does not address the root cause of why legitimate traffic was blocked. (70% 失败率)
- **** — The block is based on the browser's signature (e.g., User-Agent, TLS fingerprint), which is not affected by cache or cookies. (90% 失败率)
- **** — If the rule is based on browser signature rather than IP, changing the IP will not bypass the block. (60% 失败率)