File Manager Blocked by Cloudflare

    JLX89 wrote (post #1, last edited by girish):

    Hello,
    Is anyone else having issues where Cloudflare blocks the opening of certain files from within the File Manager? Specifically, it seems to be blocking opening wp-config.php (WordPress Developer).

    Ruleset: Cloudflare Managed Log4J Ruleset
    Rule: Wordpress - Broken Access Control, File Inclusion

    We are on the free plan and it seems to be managed rules. I've attempted to add an exclusion rule, but this still seems to be happening.

    Thank you!

      girish (Staff) wrote (post #2):

      Don't really know much about the Cloudflare rules but just want to check if you have asked Cloudflare already? I couldn't find any info or docs on those ruleset/rule.

        JLX89 wrote (post #3):

        @girish said in File Manager Blocked by Cloudflare:

        Don't really know much about the Cloudflare rules but just want to check if you have asked Cloudflare already? I couldn't find any info or docs on those ruleset/rule.

        Yes, they basically said that I'd need to whitelist the IP Address, but that doesn't seem to be working. I'm also wondering if it's because I'm on the free plan.

        I've tried various exclusion rules, but there seems to be no change.

          girish (Staff) wrote (post #4):

          @JLX89 I can't really reproduce this. I put the dashboard in Cloudflare proxy mode and filemanager works just fine for me.

          Do you have some custom WAF rules? My WAF had no rules. I also use Full (Strict) SSL, not sure if that matters. You can change this in SSL -> Overview in Cloudflare.

            JLX89 wrote (post #5, last edited by JLX89):

            @girish said in File Manager Blocked by Cloudflare:

            @JLX89 I can't really reproduce this. I put the dashboard in Cloudflare proxy mode and filemanager works just fine for me.

            Do you have some custom WAF rules? My WAF had no rules. I also use Full (Strict) SSL, not sure if that matters. You can change this in SSL -> Overview in Cloudflare.

            Thanks for following up! No, no custom WAF rules turned on and I seem to have the same settings you mentioned. The only thing I'm seeing is "Managed rules" for the block and the following URL showing:

            /api/v1/apps/{APP-ID}/files/public/wp-config.php
            

            It only seems to be happening when I attempt to edit "wp-config.php" from the file manager -- nothing else.

            The full json log is:

            {
              "action": "block",
              "clientASNDescription": "[REMOVED]",
              "clientAsn": "[REMOVED]",
              "clientCountryName": "US",
              "clientIP": "[REMOVED]",
              "clientRequestHTTPHost": "my.cloudron.tld",
              "clientRequestHTTPMethodName": "GET",
              "clientRequestHTTPProtocol": "HTTP/3",
              "clientRequestPath": "/api/v1/apps/{APP-ID}}/files/public/wp-config.php",
              "clientRequestQuery": "",
              "datetime": "2023-04-20T22:54:30Z",
              "rayName": "7bb0f82d9b63387c",
              "ruleId": "9ce4e284ff2a486aaa37d642bff5a079",
              "rulesetId": "77454fe2d30c4220b5701f6fdfb893ba",
              "source": "firewallManaged",
              "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36",
              "matchIndex": 0,
              "metadata": [
                {
                  "key": "ruleset_version",
                  "value": "50"
                },
                {
                  "key": "version",
                  "value": "32"
                },
                {
                  "key": "type",
                  "value": "customer"
                }
              ],
              "sampleInterval": 1
            }
            

            Thank you!

              girish (Staff) wrote (post #6):

              @JLX89 I think this goes beyond my knowledge of Cloudflare. But do you see this error with every app and every file? Is it still somehow specific to WordPress and/or wp-config.php?

                JLX89 wrote (post #7):

                @girish No, it's just specifically accessing wp-config.php in the file manager with any WordPress site. Nothing else at the moment comes to mind that was blocked. I find it very odd.

                  JLX89 wrote (post #8):

                  @girish So I actually seemed to have gotten this fixed, but still can't explain why that rule is blocking traffic. I'm actually not sure to what extent Cloudflare publishes information about the rules, so they're not circumvented.

                  So essentially I just "jiggled the handle" and flipped proxying on and off and did the same with the "Custom Firewall Rule" I created and it started working.

                  The expression for anyone else that seems to be having this issue is:

                  (http.request.uri.path eq "/api" and http.request.method eq "GET" and http.host eq "my.cloudron.tld" and ip.src eq {YOUR-IP-ADDRESS})
                  
                  JLX89 has marked this topic as solved.

                    JLX89 wrote (post #9, last edited by JLX89):

                    This seems to be popping up again since the upgrade to Cloudron v7.5.0 with the updates to the file manager. It seems Cloudflare is back at it and blocking viewing / editing wp-config.php via the File Manager. Instead of seeing the default Cloudflare block page, it now seems to be showing within the file manager with the html/css of the Cloudflare Block Page.

                    Does anyone have any further thoughts on this?

                      girish (Staff) wrote (post #10):

                      7.5.0 has a new file manager. I guess Cloudflare rules have to be adjusted to adapt to this. Do you have any Cloudflare logs like you had last time? I guess you need to write a rule to ask it not to block that page.

                        JLX89 wrote (post #11):

                        @girish Thanks for following up with me on this! Yes, I've attempted to adjust the rules in place that worked previously but they're not working. I know that Cloudflare updated their Rules engine and have set up another test rule with some variations, still no luck.

                        The following is the excerpt from the Cloudflare log:

                        Ruleset: Cloudflare Managed Log4J Ruleset
                        Rule: Wordpress - Broken Access Control, File Inclusion

                        {
                          "action": "block",
                          "clientRequestHTTPMethodName": "GET",
                          "clientRequestHTTPProtocol": "HTTP/3",
                          "clientRequestPath": "/api/v1/apps/[app-id]/files/public/wp-config.php",
                          "clientRequestQuery": "?access_token=[access-token]",
                          "datetime": "2023-07-05T18:59:18Z",
                          "rayName": "7e21d82a9e5b2419",
                          "ruleId": "9ce4e284ff2a486aaa37d642bff5a079",
                          "rulesetId": "77454fe2d30c4220b5701f6fdfb893ba",
                          "source": "firewallManaged",
                          "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
                          "matchIndex": 0,
                          "metadata": [
                            {
                              "key": "ruleset_version",
                              "value": "51"
                            },
                            {
                              "key": "version",
                              "value": "33"
                            },
                            {
                              "key": "type",
                              "value": "customer"
                            }
                          ],
                          "sampleInterval": 1
                        }

                          JLX89 wrote (post #12):

                          Alright, I've got another update and seemed to have reworked things so this is fixed. I've removed all of the old rules and created a new one under WAF Rules using the following:

                          (http.host eq "https://my.cloudron.tld" and ip.src eq 127.0.0.1 and http.request.uri.path contains "/filemanager/") or (http.request.uri.path contains "/api/v1/apps")

                          • Then take action: Skip
                          • Log matching requests: turned on
                          • WAF components to skip: All managed rules
                          • More components to skip: Managed rules (previous versions)

                          Note: Edit the items in bold to reflect your Cloudron Domain and your IP Address.

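
Added example (not part of the thread, and not Cloudron or Cloudflare code): the expressions from posts #8 and #12 modelled as Python predicates and run against constructed requests, to show how widely each one matches. It assumes `http.host` holds the bare hostname, `eq` is exact equality and `contains` is a substring test; `ADMIN_IP`, the sample hosts and `rule_narrowed` are hypothetical.

```python
# Added example: models the thread's rule expressions as Python predicates.
# Assumed semantics: http.host is the bare hostname (no scheme), "eq" is
# exact equality, "contains" is a substring test.

ADMIN_IP = "203.0.113.10"      # constructed stand-in for {YOUR-IP-ADDRESS}
DASH_HOST = "my.cloudron.tld"  # placeholder dashboard host used in the thread

def rule_post8(r):
    # path eq "/api" and method eq "GET" and host eq ... and ip.src eq ...
    return (r["path"] == "/api" and r["method"] == "GET"
            and r["host"] == DASH_HOST and r["ip"] == ADMIN_IP)

def rule_post12(r):
    # (host eq "https://my.cloudron.tld" and ip.src eq 127.0.0.1
    #  and path contains "/filemanager/") or (path contains "/api/v1/apps")
    first = (r["host"] == "https://my.cloudron.tld" and r["ip"] == "127.0.0.1"
             and "/filemanager/" in r["path"])
    return first or "/api/v1/apps" in r["path"]

def rule_narrowed(r):
    # Hypothetical tighter variant, using only operators seen in the thread:
    # (http.host eq "my.cloudron.tld" and ip.src eq {YOUR-IP-ADDRESS}
    #  and http.request.uri.path contains "/api/v1/apps/"
    #  and http.request.uri.path contains "/files/")
    return (r["host"] == DASH_HOST and r["ip"] == ADMIN_IP
            and "/api/v1/apps/" in r["path"] and "/files/" in r["path"])

# Constructed requests; APP-ID stands in for the redacted app id.
FILE_PATH = "/api/v1/apps/APP-ID/files/public/wp-config.php"
SAMPLES = {
    "admin_filemanager": {"host": DASH_HOST, "ip": ADMIN_IP,
                          "method": "GET", "path": FILE_PATH},
    "other_ip_same_path": {"host": DASH_HOST, "ip": "198.51.100.7",
                           "method": "GET", "path": FILE_PATH},
    "other_host_in_zone": {"host": "blog.cloudron.tld", "ip": "198.51.100.7",
                           "method": "POST", "path": "/api/v1/apps/x"},
}

def match_matrix():
    """Map each rule name to the sorted sample requests it matches."""
    rules = {"post8": rule_post8, "post12": rule_post12,
             "narrowed": rule_narrowed}
    return {name: sorted(k for k, r in SAMPLES.items() if fn(r))
            for name, fn in rules.items()}

if __name__ == "__main__":
    for name, hits in match_matrix().items():
        print(f"{name:9s} matches: {hits or 'nothing'}")
```

Under these assumptions the first clause of the post #12 expression never matches, because `http.host` carries no scheme, so the `or` branch alone decides and the Skip action applies to any client and any proxied host whose path contains `/api/v1/apps`. The post #8 expression matches none of the samples, since `eq "/api"` is not a prefix test.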