Keep seeing Forbidden 403 from Cloudflare?

Shows up sometimes, after a few updates it goes away … Is there a reason for this?

Hey Riha. Could you share a Ray-ID for a request that gets blocked? Feel free to DM me.

I’m seeing the same issue after setting up Fastly CDN in front or my Render service a couple days ago. The issue is intermittent and Fastly has confirmed that it’s not on their end as far as they can tell.

@riha the issue in my cased ended up being a hostname mismatch with the CDN. We have a custom domain name pointing to the CDN and the CDN was forwarding to my-service.onrender.com, but passing through the custom domain name unmodified in the host header. Render’s Cloudflare setup has a sanity check that matches the TLS certificate domain name (my-service.onrender.com) with the host header then rejects the request with a 403. Confusingly it on occasionally causes issues. The fix was to override the host header to match the Render service name.

I experienced a similar issue with the 403 error. We have an app running on render that sits behind an nginx proxy of our main website. The plan was to have a particular part of the website, at a given path, to be served by render.

Within render, you can add custom domains, but you have to set a DNS record and verify, which won’t work for us, as the main website points elsewhere. The solution I currently have in mind is to override the host header in the nginx proxy pass to use the onrender.com domain assigned to the app:

proxy_set_header Host oursite.onrender.com;

Does anyone know of an alternative solution?

If it’s behind a proxy then using the onrender.com should be fine as it would never be exposed directly,

Regards,

John B