> ## Documentation Index
> Fetch the complete documentation index at: https://docs.loadforge.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Bypass CloudFlare Blocks

> How to prevent CloudFlare from blocking LoadForge with HTTP 403 errors

When using LoadForge to test your website's performance, Cloudflare's security measures may inadvertently block or interfere with the testing traffic. This can lead to inaccurate test results and hinder your ability to assess your site's performance under load. To prevent this, you can implement one of the following solutions to allow LoadForge's traffic through Cloudflare without compromising your website's security.

## 1. Temporarily Disable Cloudflare Protection

Temporarily lowering or disabling Cloudflare's security settings during your testing period ensures that LoadForge's traffic is not blocked.

### Instructions

1. **Access Your Cloudflare Dashboard**:
   * Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select the website you want to test.

2. **Lower Security Settings**:
   * Navigate to the **Security** section.
   * Go to **WAF** > **Settings**.
   * Adjust the **Security Level** to **Essentially Off** or **Low**.

3. **Disable Specific Features (Optional)**:
   * If needed, you can also disable **Bot Fight Mode** or **Rate Limiting** under the **Bots** and **Rate Limiting** sections, respectively.

4. **Run Your LoadForge Tests**:
   * Perform your load testing while the security settings are reduced.

5. **Revert Security Settings**:
   * After testing, revert the security settings to their original levels to re-enable full protection.

### Pros

* **Quick Implementation**: Easy to execute without advanced configuration.
* **Immediate Effect**: Changes take effect promptly, allowing for immediate testing.

### Cons

* **Reduced Security**: Temporarily exposes your website to potential threats.
* **Manual Reversion Needed**: Requires you to remember to restore security settings afterward.

***

## 2. Whitelist LoadForge IP Ranges

By whitelisting LoadForge's IP ranges, you allow its testing traffic while maintaining normal security measures for other visitors.

### Instructions

1. **Obtain LoadForge IP Ranges**:
   * Visit LoadForge's [IP Ranges page](https://loadforge.com/docs/ip-ranges) to get the list of IP addresses used for testing.

2. **Access Cloudflare Dashboard**:
   * Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select your website.

3. **Navigate to IP Access Rules**:
   * Go to **Security** > **WAF** > **Tools**.

4. **Add IP Ranges to Whitelist**:
   * Under **IP Access Rules**, click **Add**.
   * Enter each LoadForge IP range.
   * Set the action to **Allow**.
   * Choose **This Website** under **Zone** to apply the rule only to your site.

5. **Save Changes**:
   * Confirm and save each entry to update your firewall rules.

### Pros

* **Targeted Allowance**: Only LoadForge's IP addresses are permitted, keeping your site secure from other sources.
* **Set and Forget**: Once configured, no need to adjust settings for future tests unless IP ranges change.

### Cons

* **Maintenance Required**: LoadForge may update their IP ranges, necessitating updates on your end.
* **IP Spoofing Risk**: Though minimal, there's a potential risk if an attacker spoofs a whitelisted IP.

***

## 3. Add and Whitelist a Custom Header

Instruct LoadForge to send a custom HTTP header with its requests and configure Cloudflare to allow traffic containing this header.

### Instructions

1. **Set Up Custom Header in LoadForge**:
   * Log in to your [LoadForge account](https://loadforge.com/login).
   * Navigate to your test configuration.
   * Add a custom header (e.g., `X-LoadForge-Test: true`). Refer to LoadForge's [Custom Headers documentation](https://loadforge.com/docs/custom-headers) for detailed steps.

2. **Access Cloudflare Dashboard**:
   * Log in to your [Cloudflare dashboard](https://dash.cloudflare.com/) and select your website.

3. **Create a WAF Custom Rule**:
   * Go to **Security** > **WAF** > **Custom Rules**.
   * Click **Create Rule**.

4. **Configure the Rule**:
   * **Rule Name**: Enter a descriptive name like "Allow LoadForge Testing".
   * **When incoming requests match...**:
     * **Field**: Select **HTTP Request Header**.
     * **Operator**: Choose **Equals**.
     * **Value**: Enter the custom header and its value (e.g., `X-LoadForge-Test: true`).
   * **Then...**:
     * **Action**: Select **Allow**.

5. **Deploy the Rule**:
   * Save and deploy the rule to activate it immediately.

### Pros

* **Secure Method**: Only requests with the specific header are allowed, minimizing security risks.
* **No IP Management**: Eliminates the need to track and update IP ranges.

### Cons

* **Complex Setup**: Requires precise configuration on both LoadForge and Cloudflare.
* **Header Exposure Risk**: If the custom header becomes known, malicious actors could potentially exploit it.

***

By implementing one of these methods, you can ensure that Cloudflare does not interfere with LoadForge's testing traffic, allowing for accurate and effective performance assessments of your website.