Recently, the video on my site’s hero banner stops loading. I am suspecting there is an issue with proxied Cloudflare DNS because the proxied site https://aaanh.{com, ca} cannot load it but the https://main-site-src.vercel.app is able to load.
Last known working date is around June 1st, 2025. I only noticed the misbehavior around June 18th, 2025.
I have tried on Google Chrome, Firefox, Safari.
I have tried incognito mode, purging cache on Cloudflare side, but I have not tried disabling the proxy on Cloudflare – which is my requirement. Also I tried loading the video directly through https://aaanh.com/hero-movie.mp4 which still doesn’t load
Cloudflare security is set to Full (strict).
Project is using: Next.js 15 + React 19. Production environment.
The domain troubleshooting guide can help with most custom domain configuration issues. You might be able to use that guide to solve it before a human is available to help you. Then you can come back here and share the answer for bonus points.
You can also use v0 to narrow down the possibilities.
After finagling around, I was able to narrow down to the issue being Cloudflare’s fault.
On Cloudflare dashboard, I ran a trace against the endpoint https://aaanh.com/hero-movie.mp4 and saw that it was blocked by the Super Bot Fight ruleset on Cloudflare.
With the proxy still enabled, I disabled the all 3 bot prevention rules on the dashoard (screenshot) along with enabling Development mode which bypasses any cache.
Finally, I purged all cache on Cloudflare again.
After which, I purged the browser (client) cache to be sure and the video has finally been able to load again.
Then I disabled the Development mode on Cloudflare and the issue resurfaces again intermittenly.
In case it’s helpful, we actually just rolled out our Bot ID detection SDK which will give you fine grained control over which bots you block or remove directly within Vercel
In general, layering two firewalls (Cloudflare and Vercel) will cause problems because each acts as either a source or destination proxy that prevents traffic from being properly triaged, so unless you have a corporate requirement to use CF’s firewall specifically then you may be able to use Vercel’s Firewall (WAF, DDoS protection, and now Bot Identification too)
Thank you for the suggestions and insights. The more I test the setup (turning combinations of configs off and on), the more I’m convinced it’s Cloudflare that’s blocking the request for the video asset from even hitting Vercel (Screenshot of the trace on CF’s side)
I guess it’s something that was changed on how CF handles bot protection without much notice since the error only started happening recently. I don’t think it’s the direct consequence of sandwiching CF and Vercel firewalls, but I’m a bit annoyed at CF now, so I’ll switch to only Vercel firewall for the time being.
Although my personal site doesn’t have the corpo requirements to mandate CF proxy, my setup more or less reflects the configurations I do at work, so this is something we might need to discuss more internally
Edit: I managed to bypass CF Super Bot Fight Mode, which is only manageable with a Pro and up plan, by having a custom WAF rule on CF to skip evaluating rules including the Super Bot Fight specifically for that video asset’s URI.
(Screenshot of the trace on CF’s side)
