Get Uptime Kuma Whitelisted in Cloudflare WAF

Open zeroav-org opened this issue 1 year ago • 2 comments

⚠️ Please verify that this feature request has NOT been suggested before.

  • [X] I checked and didn't find similar feature request

🏷️ Feature Request Type

Other

🔖 Feature description

In relation to #1333 #2054 - made a Cloudflare ticket from work account and they actually replied.

There exists a mechanism to have a bot looked at by Cloudflare and whitelisted. This would help with 503 errors coming up on https monitored endpoints.

It is a bit of a challenge with a self-hosted service as their preferred authentication methods are ASN / IP / ACL based but they do offer a machine-learning option that might be worth applying.

This allowlist is largely based on reverse DNS verification, meaning that the IPs we allow really match the requesting service. In addition to this, Cloudflare uses multiple validation methods including ASN blocks and public lists. If none of these validation types are available for a customer, we use internal Cloudflare data and machine learning to identify legitimate IP addresses from good bots.

✔️ Solution

It is a long shot but have @louislam fill out the form in the Cloudflare KB article.

❓ Alternatives

Disabling Bot Fighting mode on affected domains is a work-around but comes at a penalty of getting a lot of junk traffic coming in.

📝 Additional Context

No response

zeroav-org avatar Sep 09 '22 04:09 zeroav-org
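
The reverse DNS verification mentioned in the Cloudflare reply quoted above, as an added example (not code from this thread, Uptime Kuma or Cloudflare): a forward-confirmed reverse DNS check that shows why a self-hosted monitor on a rented server cannot be verified this way. The `monitor.example` and `hosting.example` names, the IP addresses and the resolver tables are constructed.

```python
import ipaddress
import socket

# Constructed resolver data (documentation IP ranges, .example names).
SAMPLE_PTR = {
    "192.0.2.10": "probe1.monitor.example",    # hosted monitoring service
    "198.51.100.7": "vps-7.hosting.example",   # self-hosted monitor on a rented VPS
    "203.0.113.5": "probe9.monitor.example",   # PTR set by whoever owns this IP block
}
SAMPLE_A = {
    "probe1.monitor.example": ["192.0.2.10"],
    "vps-7.hosting.example": ["198.51.100.7"],
    "probe9.monitor.example": ["192.0.2.99"],  # the real record points elsewhere
}

def system_ptr(ip):
    """IP -> hostname via the system resolver, None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """Hostname -> list of A/AAAA addresses via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except OSError:
        return []

def verify_bot_ip(ip, allowed_suffixes, ptr=system_ptr, forward=system_forward):
    """Forward-confirmed reverse DNS. Returns (verified, reason)."""
    addr = ipaddress.ip_address(ip)  # ValueError on malformed input
    host = (ptr(str(addr)) or "").rstrip(".").lower()
    if not host:
        return False, "no PTR record"
    # Match on a label boundary: "evilmonitor.example" must not pass.
    if not any(host == s or host.endswith("." + s) for s in allowed_suffixes):
        return False, "PTR outside operator domain"
    # The PTR is set by the IP owner, so it must be confirmed forward.
    confirmed = {ipaddress.ip_address(a.split("%")[0]) for a in forward(host)}
    if addr not in confirmed:
        return False, "forward lookup does not confirm PTR"
    return True, "verified"

def check_samples():
    """Run the three constructed cases against the offline tables."""
    return {ip: verify_bot_ip(ip, ["monitor.example"], SAMPLE_PTR.get,
                              lambda h: SAMPLE_A.get(h, []))
            for ip in SAMPLE_PTR}
```

With the default `ptr` and `forward` arguments the same function queries the system resolver instead of the constructed tables.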

Thanks, it has been submitted.

Btw, just sharing my experience. This suddenly reminded me that one of my Android apps had a similar issue 2 years ago. My app uses an HTTP client with a custom user-agent. It makes requests to an API behind Cloudflare.

However, there were always maybe 1% of users who reported that the app was not working. After some investigation, it turned out that it was blocked by Cloudflare's Browser Integrity Check and Bot Fight Mode. After turning off these options, there were no more reports.

Although it can block some bots, it also blocks a small number of good users.

louislam avatar Sep 09 '22 09:09 louislam

Is it possible by allowing requests that have Uptime-kuma as the user agent?

ZekXtreme avatar Sep 14 '22 16:09 ZekXtreme

Any news on Cloudflare accepting Uptime Kuma as a recognised bot? They have many other monitoring bots https://radar.cloudflare.com/traffic/verified-bots

Maybe if more users submitted a request to add it?

2020media avatar Feb 23 '23 16:02 2020media

No reply unfortunately.

louislam avatar Feb 23 '23 18:02 louislam

I am also facing this same issue because bot mode is enabled.

I tried to add custom WAF rules but they did not work, so finally I whitelisted and allowed the Uptime Kuma IP:

  • Log in to the CF Dashboard
  • Websites > choose a Cloudflare-enabled site that uses Bot Fight Mode and Browser Integrity Check
  • Go to Security > WAF > open the Tools tab > add the IP address of the server hosting Uptime Kuma, set the action to Allow and click Add
  • Done. It won't block the HTTP requests from Uptime Kuma

Note: Currently I use this solution to bypass the 403 bot block from CF. For more, refer to https://developers.cloudflare.com/waf/. Cloudflare doesn't recommend this method (https://developers.cloudflare.com/waf/tools/ip-access-rules/), but this is the temporary solution for now.

mskian avatar Apr 27 '23 10:04 mskian

@mskian this is a solution for a few domains. In our case we are speaking about hundreds. Building an integration to do this via the CF API is not a great solution either...

vadikcoma avatar Apr 27 '23 10:04 vadikcoma

OK, got it, but they give the option to apply this IP list rule to all websites in the account.

mskian avatar Apr 27 '23 10:04 mskian

Given that we filled out the form in the Cloudflare KB article and that there is nothing more we can do about this.

https://developers.cloudflare.com/waf/managed-rules/waf-exceptions/ can be used by clients to register UK as an exception => closing as resolved

CommanderStorm avatar Dec 08 '23 11:12 CommanderStorm