I need to add Cloudflare security to my site, but I need Homestead help!

  • Problem
  • Updated 5 months ago
  • In Progress
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: 7 days of inactivity

I have been trying for 2 wks to add Cloudflare recommended by HS for security. I do not know the internet language but it sounds like I need HS help to secure it because currently my site is down when I changed the IP addresses on my www.togoloveart.com. Here is their last response...can you help??

Hi there,
Thanks for contacting Cloudflare support. My name is Sarah and I will be looking into this ticket for you. Sorry for the issues you are facing.

Can someone at Cloudflare actually set up the nameservers without errors so that it works correctly?

I can confirm these have been set up correctly now, and everything looks OK here.

Now all I get is a lot of instructions on how to do all this myself and it is confusing.

I'm sorry for the confusion here. For clarification here, as a matter of security policy Cloudflare Support is not able to make changes to your account. We can only explain to you how to make the changes yourself. This policy protects you from any accidental or inadvertent changes being made to your account and websites by Cloudflare.

I'm seeing a 521 error when trying to access your website.

A 521 error happens when we are unable to make a TCP connection to your origin server, typically because the connection was refused which often can be caused by security or firewall software.

Because Cloudflare operates as a reverse proxy the IP address your server will see is one of a limited number of Cloudflare IPs.

In that sense, many actual visitors may all come from the same IP address, which can cause firewalls or security software that is not appropriately whitelisting the Cloudflare IP ranges to block this traffic as it may see it as excessive or malicious. We publish a full list of our IP ranges so that you can whitelist them accordingly.

Are you able to make sure that your hosting provider confirms that the Cloudflare IP ranges listed in the URL above are fully whitelisted from any security software, firewall etc., to ensure there is no rate limiting or blocking of our edge server requests to your infrastructure?

This should ensure that Cloudflare can consistently make a connection to your origin server to retrieve content and serve it to your visitors.

If you have any questions or would like any assistance, please do not hesitate to ask.

Kind regards,
Sarah | Cloudflare Support Engineer
Search the Cloudflare Community for advice and insight.

Dan8823

Posted 5 months ago
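
The allowlisting check that the Cloudflare reply above asks the hosting provider to make can be run against firewall logs. This is an added example, not part of the original post: the log format and sample lines are constructed, and the range list is a partial snapshot that should be refreshed from Cloudflare's published list.

```python
import ipaddress
import re
from collections import Counter

# Partial snapshot of Cloudflare's published IPv4 ranges (assumption: refresh
# from Cloudflare's current list before relying on it).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "162.158.0.0/15",
    "104.16.0.0/13", "172.64.0.0/13",
)]

# Constructed firewall log lines in a hypothetical "ACTION SRC=.. DPT=.." format.
SAMPLE_LOG = """\
DROP SRC=162.158.190.118 DPT=443
DROP SRC=162.158.190.118 DPT=443
ACCEPT SRC=162.158.190.119 DPT=80
DROP SRC=172.69.190.64 DPT=443
DROP SRC=203.0.113.7 DPT=22
garbage line
"""

LINE_RE = re.compile(r"^(DROP|REJECT|ACCEPT)\s+SRC=(\S+)\s+DPT=(\d+)$")


def cloudflare_range(ip):
    """Return the Cloudflare network containing ip, or None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return next((n for n in CLOUDFLARE_RANGES if addr in n), None)


def blocked_edge_traffic(log_text):
    """Count denied connections per (Cloudflare range, destination port)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) == "ACCEPT":
            continue  # skip unparseable lines and allowed traffic
        net = cloudflare_range(m.group(2))
        if net is not None:
            hits[(str(net), int(m.group(3)))] += 1
    return hits


if __name__ == "__main__":
    for (net, port), n in sorted(blocked_edge_traffic(SAMPLE_LOG).items()):
        print(f"{n} denied connection(s) from {net} to port {port}: allow this range")
```

Any range reported here is edge traffic the origin firewall is dropping, which is the condition the reply describes as producing a 521.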


Michelle C, Employee

Hello,

Due to this error there may be some settings in the Cloudflare account that are misconfigured. If you would like an agent to assist with troubleshooting anything within your Cloudflare account we ask that you please call into support at 1800-710-1998 so we can better assist. I would recommend starting with the second common issue in this article: https://community.homestead.com/homestead/topics/cloudflare-common-cloudflare-issues Verify the only clouds that are turned on and set to orange are the same as in the article. This will avoid routing through Cloudflare's proxy IP and go straight to Homestead.

Dan8823

Again, I do not have the knowledge to reroute, opening ports, etc. But here is what Cloudflare said today... again, it sounds like a problem that Homestead has to rectify... can you help?

Sonia (Cloudflare)

Feb 10, 1:19 AM PST

Hi Dan,

I am sorry to read that you're still experiencing difficulties.

As already mentioned, a 521 error happens when we are unable to make a TCP connection to your origin server, typically because the connection was refused which often can be caused by security or firewall software.

When running some tests from our Edge, I noticed that the connection is working fine via http but it gets refused when connecting through https:

HTTP

Source IP: 162.158.190.118
Connection to 216.40.47.17 80 port [tcp/http] succeeded!
Source IP: 162.158.190.119
Connection to 216.40.47.17 80 port [tcp/http] succeeded!

HTTPS

Source IP: 172.69.190.64
nc: connect to 216.40.47.17 port 443 (tcp) failed: Connection refused
[exit code 1]
Source IP: 172.69.190.65
nc: connect to 216.40.47.17 port 443 (tcp) failed: Connection refused
[exit code 1]

As you are redirecting all your traffic to https, this explains the error that you have been facing.

Can you please make sure that the port 443 is open and ready for a connection.

I hope this helps, however, if you have any more questions, simply reply to this email and we will be happy to help.

Best regards,

Sonia | Cloudflare Support
Search the Cloudflare Community for advice and insight.
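
The port test in the Cloudflare reply above (80 succeeds, 443 is refused) can be repeated by whoever administers the origin. This is an added example, not part of the original thread: the function names and wording of the findings are assumptions, and the host to test is supplied on the command line.

```python
import socket
import sys


def probe(host, port, timeout=3.0):
    """TCP connect like `nc -z`: returns 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # something answered with a reset: nothing listening
    except socket.timeout:
        return "timeout"      # no answer at all: usually a filtering firewall
    except OSError:
        return "error"        # unreachable network, DNS failure, etc.


def explain(http_state, https_state, forces_https):
    """Map the two probe results to the likely reason an edge request fails."""
    if http_state == "open" and https_state == "open":
        return "both ports accept connections; check IP allowlisting instead"
    if http_state == "open" and https_state == "refused":
        if forces_https:
            return "443 refused while traffic is redirected to HTTPS: every request fails"
        return "443 refused: only HTTPS requests to the origin fail"
    if "timeout" in (http_state, https_state):
        return "silent drop: a firewall is likely filtering the port"
    return "origin refuses connections: web server down or not listening"


if __name__ == "__main__":
    # Usage: python probe.py <origin-host> [--forces-https]
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    forces_https = "--forces-https" in sys.argv
    states = {port: probe(host, port) for port in (80, 443)}
    for port, state in states.items():
        print(f"{host}:{port} -> {state}")
    print(explain(states[80], states[443], forces_https))
```

Run from an arbitrary machine, this only shows whether the port listens at all; a firewall that blocks Cloudflare's ranges specifically will still look open from elsewhere.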




Michelle C, Employee

Understandable, if you would like an agent to assist with troubleshooting anything within your Cloudflare account we ask that you please call into support at 1800-710-1998 so we can better assist.
