403 forbidden on zero trust tunnel | Cloudflare Developers | Page 1

cobalt oriole Oct 11, 2024, 1:24 PM

#

Hi, I'm setting up a tunnel, that successfully points to my node app running locally.
There's a file upload section in the app, and when I try to upload files I get a 403 forbidden error on the browser client. No errors server side, so I suspect the call never arrives to the server. Any ideas about what that could be? I have full TLS encryption.

#

locally everything works

vocal shell Oct 11, 2024, 1:26 PM

#

is it a cloudflare page 403? if so maybe you have some rules somewhere blocking uploads

cobalt oriole Oct 11, 2024, 1:27 PM

#

no it's a console error

vocal shell Oct 11, 2024, 1:27 PM

#

yeah but 403 could be returned by either cloudflare or your server

cobalt oriole Oct 11, 2024, 1:27 PM

#

vocal shell Oct 11, 2024, 1:28 PM

#

can you log every request you get (on server), succsessful or not? that way you can determine if its cloudflare

gleaming umbra Oct 11, 2024, 1:30 PM

#

include all response headers please

#

in particular the cf-cache-status header

cobalt oriole Oct 11, 2024, 1:36 PM

#

#

i have it DYNAMIC

brave jetty Oct 11, 2024, 2:58 PM

#

cobalt oriole

have you checked your waf

cobalt oriole Oct 11, 2024, 2:59 PM

#

brave jetty have you checked your waf

hi! what's the waf? apologies it's the first time i'm setting up a tunnel

#

ah the firewall? i'm looking into that

#

no i don't have it as it's a pro feature

brave jetty Oct 11, 2024, 3:02 PM

#

cobalt oriole hi! what's the waf? apologies it's the first time i'm setting up a tunnel

brave jetty Oct 11, 2024, 3:02 PM

#

cobalt oriole no i don't have it as it's a pro feature

its a free feature also

cobalt oriole Oct 11, 2024, 3:02 PM

#

you're right, I just checked and I have no rules

brave jetty Oct 11, 2024, 3:04 PM

#

okay

#

its tcp or udp uploads?

#

do you use local proxy?

#

upload size?

cobalt oriole Oct 11, 2024, 3:10 PM

#

it's a 4.4mb mp3, i don't use local proxy

#

it's tcp i think, but i'm not sure. it's an html page upload

#

I'm thinking, maybe do i have to add these routes in the DNS? I have a post request API /api/upload for example. Do I have to add them in the tunnel configuration? as I just added the main index page

gleaming umbra Oct 11, 2024, 3:25 PM

#

cobalt oriole i have it DYNAMIC

then the error came from your webserver

brave jetty Oct 11, 2024, 3:26 PM

#

cobalt oriole I'm thinking, maybe do i have to add these routes in the DNS? I have a post requ...

#

its from your code

cobalt oriole Oct 11, 2024, 3:26 PM

#

brave jetty

yes it's a POST request

#

not a get

#

try a POST request

gleaming umbra Oct 11, 2024, 3:27 PM

#

the fact you have a cf-cache-status header is evidence the error came from your origin

cobalt oriole Oct 11, 2024, 3:27 PM

#

gleaming umbra then the error came from your webserver

ok but the request never gets to my webserver

gleaming umbra Oct 11, 2024, 3:27 PM

#

403s dont grow on trees

brave jetty Oct 11, 2024, 3:28 PM

#

how do you know that

#

you will have to log it

#

or see tunnel logs

cobalt oriole Oct 11, 2024, 3:28 PM

#

i can check tunnel logs

brave jetty Oct 11, 2024, 3:28 PM

#

yes

cobalt oriole Oct 11, 2024, 3:29 PM

#

i've set up a consol log when that request is called on my webserver and it's never called when I do it through tunnels

cobalt oriole Oct 11, 2024, 3:29 PM

#

brave jetty yes

ok let me check thos

#

i logged the 403

#

📎 connector_logs_table.csv

brave jetty Oct 11, 2024, 3:36 PM

#

cobalt oriole i logged the 403

your server issue

#

its not finding the logic

cobalt oriole Oct 11, 2024, 3:39 PM

#

ok

#

thanks i'll look into that

#

it does this error only on the CF instance though

#403 forbidden on zero trust tunnel