Hosted N8N Blocked by Cloudflare - Any options?

Describe the problem/error/question

A client’s website is under heavy attack by spam bots (e-commerce site), so they’ve enabled bot protection via Cloudflare. However, this bot protection is also blocking requests from N8N using the WooCommerce node.

My understanding is that N8N hosted doesn’t have static IPs, so I’m wondering if there’s a solution to this? The client can’t turn off the bot protection, but needs the N8N workflows to be running.

What is the error message (if any)?

ERROR: Forbidden - perhaps check your credentials?

Just a moment… Enable JavaScript and cookies to continue (function(){ window._cf_chl_opt={ cvId: ‘2’, cZone: ‘[redacted]’, cType: ‘managed’, cNounce: ‘[redacted]’, cRay: ‘[redacted]’, cHash: ‘[redacted]’, cUPMDTk: “/wp-json/wc/v3/orders/11848?__cf_chl_tk=[redacted]”, cFPWv: ‘g’, cTTimeMs: ‘1000’, cMTimeMs: ‘0’, cTplV: 5, cTplB: ‘cf’, cK: “”, cRq: { ru: ‘[redacted]’, ra: ‘[redacted]’, rm: ‘UFVU’, d: ‘[redacted]’, zh: ‘[redacted]’, uh: ‘[redacted]’, hh: ‘[redacted]’, } }; var trkjs = document.createElement(‘img’); trkjs.setAttribute(‘src’, ‘/cdn-cgi/images/trace/managed/js/transparent.gif?ray=[redacted]’); trkjs.setAttribute(‘alt’, ‘’); trkjs.setAttribute(‘style’, ‘display: none’); document.body.appendChild(trkjs); var cpo = document.createElement(‘script’); cpo.src = ‘/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=[redacted]’; window._cf_chl_opt.cOgUHash = location.hash === ‘’ && location.href.indexOf(‘#’) !== -1 ? ‘#’ : location.hash; window._cf_chl_opt.cOgUQuery = === ‘’ && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf(‘?’) !== -1 ? ‘?’ :; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, “/wp-json/wc/v3/orders/11848?__cf_chl_rt_tk=[redacted]” + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName(‘head’)[0].appendChild(cpo); }());

Please share your workflow


Share the output returned by the last node


Information on your n8n setup

  • n8n version: 0.228.2
  • Database (default: SQLite): Hosted
  • n8n EXECUTIONS_PROCESS setting (default: own, main): Hosted
  • Running n8n via (Docker, npm, n8n cloud, desktop app): Hosted
  • Operating system: Hosted

I’m having the same issue; I disabled Cloudflare protection so I could use Google Sheets. I’m keen to see what other people have done to use Cloudflare with n8n.

Hey @scottyb & @dongphuchaitrieu,

If you are using n8n cloud adding the 4 IPs below to your allow list should help.

These can be found here: Set up Cloud | n8n Docs


Thanks - is it perhaps worth letting Cloudflare know it’s a friendly bot?

That is not a bad idea but has other issues, As n8n is freely available you could if you wanted to use it for anything you want so if we were to register it someone could ruin it for everyone else and have it revoked.

1 Like

Ah, that makes sense, hadn’t thought of that


I’m a self-hosted n8n with Cloudflare; allowing those 4 IPs will make it work, right?

Hey @dongphuchaitrieu,

Should do.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.