How to Monitor Websites Behind Cloudflare (Unblocking Guide)

Why Cloudflare Blocks Monitoring Tools

If your website uses Cloudflare and your uptime monitor shows Blocked (403), Cloudflare Error (520-524), or Connection Refused, Cloudflare's security features are likely blocking the monitoring requests.

This happens because Cloudflare treats automated HTTP requests from monitoring tools the same way it treats bots — with challenge pages, rate limiting, or outright blocks.

Common Cloudflare Error Codes

How to Whitelist Visual Sentinel in Cloudflare

Method 1: IP Access Rules (Recommended)

1. Log in to your Cloudflare Dashboard
2. Select your domain
3. Go to Security → WAF → Tools
4. Under IP Access Rules, click Add
5. Add the Visual Sentinel monitoring IP: 157.180.59.176
6. Set action to Allow
7. Add a note: "Visual Sentinel Monitoring"
8. Click Add

Method 2: Firewall Rules (More Granular)

If you want to allow monitoring only for specific paths:

1. Go to Security → WAF → Custom Rules
2. Create a new rule:
   • Rule name: Allow Visual Sentinel
   • Expression: (ip.src eq 157.180.59.176)
   • Action: Skip (select all remaining custom rules)
3. Save and deploy

Method 3: Allow the User-Agent

Visual Sentinel uses a custom User-Agent header. You can whitelist it:

1. Go to Security → WAF → Custom Rules
2. Create a rule:
   • Expression: (http.user_agent contains "VisualSentinel")
   • Action: Allow
3. Save and deploy

Cloudflare Bot Management

If you're on a Cloudflare plan with Bot Management (Business or Enterprise):

1. Go to Security → Bots
2. Under Configure Bot Management, add an exception for Visual Sentinel's IP
3. Alternatively, set the bot score threshold higher for monitoring IPs

Under Attack Mode

If you have Cloudflare's Under Attack Mode enabled, it will block ALL automated requests including monitors. Options:

• Temporarily disable Under Attack Mode for monitoring
• Use IP Access Rules (Method 1 above) — these override Under Attack Mode
• Use a Cloudflare Worker to bypass challenge pages for known monitoring IPs

Verifying It Works

After whitelisting:

1. Go to your monitor in Visual Sentinel
2. Click Refresh to trigger a manual check
3. You should see Operational with a 200 status code
4. If still blocked, check Cloudflare's Security → Events to see if the request is still being challenged

Monitoring Behind Cloudflare: Best Practices

1. Always whitelist by IP — User-Agent whitelisting can be spoofed by attackers
2. Monitor from multiple regions — Ensure all Visual Sentinel check locations are whitelisted
3. Use Follow Redirects — Cloudflare may redirect HTTP to HTTPS; enable "Follow Redirects" in your monitor settings
4. Set appropriate timeouts — Cloudflare adds ~50-100ms latency; set your timeout to at least 10 seconds
5. Check your origin too — If Cloudflare returns 521/522, the issue is your origin server, not Cloudflare

Frequently Asked Questions

Why does my monitor show Blocked (403) even though my site is up?

Cloudflare's Web Application Firewall (WAF) blocks requests it considers suspicious. Monitoring tools make frequent, automated HTTP requests which trigger Cloudflare's bot detection. The solution is to whitelist the monitoring IP address in your Cloudflare dashboard.

Do I need to whitelist all Visual Sentinel IPs?

Currently, Visual Sentinel monitors from a single IP: 157.180.59.176. If you're monitoring from multiple regions, all check locations use this same IP for outbound requests.

Will whitelisting the monitoring IP create a security risk?

No. Whitelisting a single known IP only allows that IP to bypass Cloudflare's bot challenges. It does not disable any other security features like DDoS protection, WAF rules for other IPs, or SSL enforcement.

Need Help?

If you're still having issues after following this guide, contact our support team or check your Cloudflare security events log for the specific block reason.