Cloudflare error - IP banned?

[Henning Verbeek]

Hi there,

I'm the developer of https://github.com/skalio/grunt-fetch-browscap, a Grunt-task to fetch and locally deploy browscap.ini files. We want to use it during the build process of webapps. Unrelated to this email, but I'm happy to get feedback on this.

It's not finished yet, but in the latest version it caches the version number and will only fetch files if the version at browscap.org has changed. It works fine on my development machines, as well as some of our hosts in the datacenter.

Unfortunately, when the code is running on the CI server, it receives a HTTP 521 response from Cloudflare:

$ curl -s -v http://browscap.org/version-number
* About to connect() to browscap.org port 80 (#0)
* Trying 104.28.17.219...
* connected
* Connected to browscap.org (104.28.17.219) port 80 (#0)
> GET /version-number HTTP/1.1
> User-Agent: curl/7.26.0
> Host: browscap.org
> Accept: */*
>
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 521 Origin Down
< Date: Thu, 17 Dec 2015 18:46:22 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=d261f18ebd0fac11f7ac67aa350239d8c1450377982; expires=Fri, 16-Dec-16 18:46:22 GMT; path=/; domain=.browscap.org; HttpOnly
< Expires: Thu, 01 Jan 1970 00:00:01 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< X-Frame-Options: SAMEORIGIN
< Server: cloudflare-nginx
< CF-RAY: 2564ca55e96126a2-FRA

Some of the IPs that don't work:
148.251.183.225
148.251.183.226
148.251.183.227
2a01:4f8:211:e4::2

But others work fine, from the same subnets:
148.251.183.228
2a01:4f8:211:e2::2
2a01:4f8:211:e3::2

If these are bans due to rate limits, I cannot imagine how anything but 148.251.183.226 (jenkins is behind that) would have made requests towards browscap.org...

Could you please be so kind and check if you are aware of IP bans? Or is this an issue between our datacenter and Cloudflare?

Thank you,
Henning

[James Titcumb]

Hi Henning,

We don't have any temporary or permanent bans in the browscap.org website database, so it's not from our end.

A 521 usually means that our site has gone down temporarily for some reason, but hopefully should've stabilised by now, whatever it might've been. I don't think we have much control over CloudFlare though, so I guess wait and see if it carries on? :)

Not much help, I know, sorry!

Thanks

James

--
You received this message because you are subscribed to the Google Groups "browscap" group.
To unsubscribe from this group and stop receiving emails from it, send an email to browscap+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/browscap/1a9010ca-e7dc-4287-a080-d14463a0b207%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Henning Verbeek]

On Friday, December 18, 2015 at 12:25:56 PM UTC+1, James Titcumb wrote:
> A 521 usually means that our site has gone down temporarily for some reason, but hopefully should've stabilised by now, whatever it might've been. I don't think we have much control over CloudFlare though, so I guess wait and see if it carries on? :)

The strange thing is that I get HTTP 200 from one box and HTTP 521 from the one (literally) next to it - consistently. From another box I get HTTP 200 using IPv4 and HTTP 521 using IPv6 - from the same box! I'll open a ticket with my hosting provider, but I doubt they are involved in this...

[Henning Verbeek]

According to cloudflare, it is possible to blacklist IPs within their service. Would it be possible for you to check maybe? Thanks a lot!

[James Titcumb]

If it helps, I don't think we have anything on IPv6 yet...

--
You received this message because you are subscribed to the Google Groups "browscap" group.
To unsubscribe from this group and stop receiving emails from it, send an email to browscap+u...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/browscap/6ee5e693-52e9-4235-b68f-976c08a378e7%40googlegroups.com.

[Henning Verbeek]

I've opened a ticket with Cloudflare (https://support.cloudflare.com/hc/requests/710537), let's see what they will say.

[Henning Verbeek]

On Monday, December 21, 2015 at 9:59:38 AM UTC+1, Henning Verbeek wrote:
> I've opened a ticket with Cloudflare (https://support.cloudflare.com/hc/requests/710537), let's see what they will say.

James,
Cloudflare came back:

> Hi,
>
> Thanks for looking into this, you mentioned you spoke with the origin site owner. If you could ask him to raise a ticket with this information and we will work with him to get it resolved.
>
> Unfortunately for security reasons, I cannot give any information to you as you are not associated with the domain.
>
> Damian
> Support Engineer | CloudFlare

Would you mind opening a ticket with them? I can try to cc: you on the original ticket, so you can copy the details into the new ticket.

Your help is much appreciated!
Cheers,
Henning

[James Titcumb]

CloudFlare have asked...

Hi, 

Can you ask if the user is able to provide a traceroute or mtr when they are experiencing the issue? Thanks.
Kind Regards,
Bhavin

Thanks

James 

[James Titcumb]

Hi Henning,

This issue should now be resolved. Looks like Fail2Ban was misconfigured and blocking some CloudFlare IPs.

Please can you see if everything is fixed your end?

Thanks

James

[Henning Verbeek]

On Monday, December 28, 2015 at 1:14:20 PM UTC+1, James Titcumb wrote:
> This issue should now be resolved. Looks like Fail2Ban was misconfigured and blocking some CloudFlare IPs.
>
>
> Please can you see if everything is fixed your end?

Hi James,

sorry for not getting back to you earlier!! I just checked and everything is fine again. Thanks a lot for fixing this.

Cheers,
Henning