Cloudflare error 1000 is usually triggered when incorrect records are added to the Domain’s DNS zone.
As a part of our Server Management Services, we have helped online service providers to fix several similar Cloudflare errors.
Today, let’s discuss some tips to fix the “error 1000 DNS points to prohibited IP”.
What causes Cloudflare error 1000?
Cloudflare users sometimes notice the following error after a recent DNS change.
The above error message generally triggers when an account is moved from one Cloudflare account to another one. It indicates that the recent change made in DNS contains some invalid records which made the website point to a prohibited IP address. General scenarios where this message is seen includes:
- A record within the Cloudflare DNS app points to a Cloudflare IP address.
- Cloudflare DNS A or CNAME record references another reverse proxy that then proxies the request to Cloudflare a second time.
- The request X-Forwarded-For header is longer than 100 characters.
- The request includes two X-Forwarded-For headers.
X-Forwarded-For maintains proxy server and original visitor IP addresses. It generally contains the information on the original visitor IP address and proxy server IP addresses provided to Cloudflare via the X-Forwarded-For header.
Lets now look at some tips to fix this error.
How to fix the Cloudflare error 1000?
As DNS records at Cloudflare end are the primary reasons for this error, the first thing to do is to cross-check the DNS record added to the domain in Cloudflare.
Make sure that the A record added to the domain is pointing to the origin server IP address. Do not add any Cloudflare IP address as A record in the DNS area. If an A record within your Cloudflare DNS app points to a Cloudflare IP address, update the IP address to your origin web server IP address.
Also, make sure that the domain has the nameservers pointed only to the Cloudflare end.Do not configure any external nameservers along with Cloudflare nameservers, which can cause hindrance with the DNS resolution
Also, remove any duplicate entry of DNS records from the DNS management area. For instance, if there is more than one A record set for a single hostname, remove the duplicate entries.
Alternatively, if the origin server has a reverse-proxy that sends the request back through the Cloudflare proxy, it can also trigger the error 1000. To fix this, we will need to replace the reverse-proxy setup with a simple http redirection at the origin server.
[Need assistance to fix Cloudflare errors? We’ll help you.]
Conclusion
In short, the Cloudflare error 1000 triggers due to incorrect DNS entries added to the domain’s DNS zone. Today, we discussed some tips that our Support Engineers follow to fix the error message.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
GET STARTED
var google_conversion_label = «owonCMyG5nEQ0aD71QM»;
because of SEO I have setup a reverse proxy that works fine:
The setup is as follows:
1) http://www.example.com (node.js hosted at heroku)
2) http://blog.example.com (wordpress hosted at godaddy)
3) visitors accessing http://www.example.com/blog get content from http://blog.example.com.
This works fine and at 1) I also have the proxy working with the popular nodejitsu htt-proxy and httpProxyRules modules:
// Set up proxy rules instance
var proxyRules = new httpProxyRules({
rules: {
'.*/blog': 'https://blog.example.com', // Rule (1)
},
default: 'https://www.example.com' // default target
});
// Create reverse proxy instance
var proxy = httpProxy.createProxy();
// Create http server that leverages reverse proxy instance
// and proxy rules to proxy requests to different targets
http.createServer(function(req, res) {
// a match method is exposed on the proxy rules instance
// to test a request to see if it matches against one of the specified rules
var target = proxyRules.match(req);
if (target) {
return proxy.web(req, res, {
target: target,
changeOrigin: true,
});
}
res.writeHead(500, { 'Content-Type': 'text/plain' });
res.end('The request url and path did not match any of the listed rules!');
}).listen(6010);
Then I tried adding Cloudflare SSL certificates so I could have https. I know that Cloudflare acts as a reverse-proxy itself. So in total I would have 3 reverse-proxies in my setup, 1), 2) (both with Cloudflare’s reverse-proxy) and 3) (my custom reverse-proxy).
Separately, both 1) and 2) worked fine with https. However, 3) broke.
For 3), I keep getting the error:
Error 1000 — DNS points to prohibited IP
What is going on and how should I proceed to solve this problem?
Along the lines of @jamo and this: https://sskaje.me/2016/08/error-1000-cloudflare/ I’m currently deleting the following headers for my proxy request and it appears to work. Haven’t experimented further and not sure what the cons of this are (it feels very hacky), but you might want to try it. If you’re using express and express-http-proxy this my solution:
import proxy from 'express-http-proxy';
const app = express();
app.use(
'/api',
proxy(<api url>, {
proxyReqOptDecorator: (proxyReqOpts, srcReq) => {
[
'cf-connecting-ip',
'cf-ipcountry',
'cf-visitor',
'cf-ray',
'x-forwarded-for',
'x-forwarded-proto',
].forEach(header => {
if (proxyReqOpts.headers[header]) {
delete proxyReqOpts.headers[header];
}
});
return proxyReqOpts;
},
}),
);
Note: deleting just the cf-ray header did not fix it for me. If anyone finds that not all these headers need to be deleted, please let us know