I am currently working on my first proper project (still a hobby for me, so if I am doing some dumb rookie mistake, I apologize in advance ) but yesterday I did a lot of testing on prod, and after a few hours of work, I got this error:
My app is not in attack challenge mode or anything, I tried clearing out cache, restarting my computer, deleting any tokens, that might have been saved in cookies, waiting around 12 hours, but I am still getting this error.
I dont think its caused by some bug in my code, since I was able to open the app in a different browser yesterday, now it shows the same error on Safari as it started yesterday on chrome.
Also tried to open the app in a incognito mode, but the result was the same.
Unfortunately, there is not much information about this issue on Stack overflow or anything like that, but is my understanding correct, that vercel blocked me due to my higher activity (to be honest i wasnt doing anything too hardcore, but I was playing around with Cloudflare settings, so maybe that could be it?) and i should be unblocked within couple of hours/a few days? Or is there something I should do in order to be unblocked, or the cause of the issue is something completely different?
What does this mean? Are you putting Cloudflare in front of Vercel? You should generally never need to do that, as it just adds latency (requests are routed to Cloudflareās CDN+Firewall before they hit Vercelās CDN+Firewall) as well as batching all the requests to come from a single region (CF) which makes it more likely to trigger our DDOS protection
Hi, thanks a lot for the clarification and your help!
Yes, I currently have Cloudflare in front of Vercel ā mainly to take advantage of custom WAF rules and additional security features. I understand now that this setup can result in all traffic coming from a single Cloudflare edge location, which may trigger Vercelās DDoS protection ā that might explain whatās happening.
Iāve been using this setup for about a month without any issues until now. I was doing some testing on Sunday (including DNS adjustments and a few security rule changes on Cloudflare), and shortly after, I got rate-limited or blocked.
Is this temporary, and will it resolve on its own after some time?
Thanks again for the support!
Have you looked at Vercel Firewall? If so Iād be interested to know any rules you feel you canāt set up there that you need CF for: there should be complete parity and if there isnāt, itās a feature we need to implement. We recently rolled out our Verified Bots directory so you have fine grained control over which AI crawlers you want to give access to and which you want to deny
In the meantime, can you share which of your projects this is happening to? Iāll see if I can override the block
Thanks again for your support!
My projects name is āelektronicka-kniha-urazuā. Could you please take a look at it and see if you can unblock me, because I still cant access the page.
To answer to your first question - I mainly choose CF because of the possibility to implement more specific custom rules like geo based access control, at least basic rate limiting and more detailed logs.
But thanks a lot for the tip! I will take another deeper look at the vercelās security options!