Hosted N8N Blocked by Cloudflare - Any options?

scottyb · June 15, 2023, 7:40am

Describe the problem/error/question

A client’s website is under heavy attack by spam bots (e-commerce site), so they’ve enabled bot protection via Cloudflare. However, this bot protection is also blocking requests from N8N using the WooCommerce node.

My understanding is that N8N hosted doesn’t have static IPs, so I’m wondering if there’s a solution to this? The client can’t turn off the bot protection, but needs the N8N workflows to be running.

What is the error message (if any)?

ERROR: Forbidden - perhaps check your credentials?

Just a moment… Enable JavaScript and cookies to continue (function(){ window._cf_chl_opt={ cvId: ‘2’, cZone: ‘[redacted]’, cType: ‘managed’, cNounce: ‘[redacted]’, cRay: ‘[redacted]’, cHash: ‘[redacted]’, cUPMDTk: “/wp-json/wc/v3/orders/11848?__cf_chl_tk=[redacted]”, cFPWv: ‘g’, cTTimeMs: ‘1000’, cMTimeMs: ‘0’, cTplV: 5, cTplB: ‘cf’, cK: “”, cRq: { ru: ‘[redacted]’, ra: ‘[redacted]’, rm: ‘UFVU’, d: ‘[redacted]’, zh: ‘[redacted]’, uh: ‘[redacted]’, hh: ‘[redacted]’, } }; var trkjs = document.createElement(‘img’); trkjs.setAttribute(‘src’, ‘/cdn-cgi/images/trace/managed/js/transparent.gif?ray=[redacted]’); trkjs.setAttribute(‘alt’, ‘’); trkjs.setAttribute(‘style’, ‘display: none’); document.body.appendChild(trkjs); var cpo = document.createElement(‘script’); cpo.src = ‘/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=[redacted]’; window._cf_chl_opt.cOgUHash = location.hash === ‘’ && location.href.indexOf(‘#’) !== -1 ? ‘#’ : location.hash; window._cf_chl_opt.cOgUQuery = location.search === ‘’ && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf(‘?’) !== -1 ? ‘?’ : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, “/wp-json/wc/v3/orders/11848?__cf_chl_rt_tk=[redacted]” + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName(‘head’)[0].appendChild(cpo); }());

Please share your workflow

n/a

Share the output returned by the last node

n/a

Information on your n8n setup

n8n version: 0.228.2
Database (default: SQLite): Hosted
n8n EXECUTIONS_PROCESS setting (default: own, main): Hosted
Running n8n via (Docker, npm, n8n cloud, desktop app): Hosted
Operating system: Hosted

dongphuchaitrieu · June 15, 2023, 7:44am

I’m having the same issue; I disabled Cloudflare protection so I could use Google Sheets. I’m keen to see what other people have done to use Cloudflare with n8n.

Jon · June 15, 2023, 8:56am

Hey @scottyb & @dongphuchaitrieu,

If you are using n8n cloud adding the 4 IPs below to your allow list should help.

20.79.227.226
20.79.72.36
20.113.47.122
20.218.202.73

These can be found here: Set up Cloud | n8n Docs

scottyb · June 16, 2023, 9:17am

Thanks - is it perhaps worth letting Cloudflare know it’s a friendly bot?

Jon · June 16, 2023, 9:37am

That is not a bad idea but has other issues, As n8n is freely available you could if you wanted to use it for anything you want so if we were to register it someone could ruin it for everyone else and have it revoked.

scottyb · June 16, 2023, 9:48am

Ah, that makes sense, hadn’t thought of that

dongphuchaitrieu · June 17, 2023, 12:21am

I’m a self-hosted n8n with Cloudflare; allowing those 4 IPs will make it work, right?

Jon · June 19, 2023, 8:30am

Hey @dongphuchaitrieu,

Should do.

system · September 17, 2023, 8:31am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.