Cloudflare provides a helpful layer of security and performance for websites and APIs hosted on ASP.NET Core. However, you may encounter the frustrating Error 1020 Access Denied at times.
This article covers common reasons for the error, troubleshooting steps, and configuration tips to resolve Error 1020 in ASP.NET Core apps protected by Cloudflare.
Why Does the Error 1020 Access Denied Happen?
Cloudflare generates the 1020 error for security reasons: to block traffic it judges as suspicious or malicious. Some common trigger reasons:
The error is Cloudflare's way of protecting the origin server from potential attacks or abuse.
However, legitimate users can also inadvertently trigger the block. The key is figuring out why and tweaking the Cloudflare or app config.
Troubleshooting Steps
Follow these steps to troubleshoot and fix Cloudflare's Error 1020 access denied:
1. Check Cloudflare Dashboard
First, log into the Cloudflare dashboard and browse to the domain causing issues. Inspect the analytics and security event logs for clues.
See if any unusual traffic spikes, security threats, or banned IP addresses stand out around the times users reported Error 1020.
2. Adjust Cloudflare Settings
If suspicious requests are evident, tweak Cloudflare settings to filter them more effectively. For instance, enable IP Access Rules or adjust the Rate Limiting policies.
Conversely, relax restrictions if legitimate user traffic seems blocked. Find the optimal thresholds between security and access.
3. Verify API Keys
For APIs/apps making calls to a Cloudflare-protected domain, confirm the API keys/tokens are valid.
Inadvertently using an expired or incorrect API key is a common cause of Error 1020 access denied.
4. Check User Agent Strings
Certain user agent strings from uncommon libraries/tools can trigger Cloudflare blocks.
For API clients, try setting the user agent to a popular web browser's string as a test.
For web visitors, if a niche browser or tool triggers it, there is not much you can do. Consider having Cloudflare support adjust the sensitivity thresholds.
5. Try Alternate IP Addresses
If the issue seems isolated to certain visitor IP addresses, try having affected users access via alternate internet connections and mobile networks.
If those IPs work, it suggests Cloudflare banned their regular IP for past suspicious behavior. Not much can be done aside from asking Cloudflare to whitelist the address if you're certain it's not a threat.
6. Temporarily Bypass Cloudflare
As a last resort, you can advise affected legitimate users to add the domain to their local hosts file, bypassing Cloudflare temporarily.
Try mapping the Cloudflare domain name like
If that fixes Error 1020, it reinforces that Cloudflare itself is the issue, not your app config.
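The same question (is the block coming from Cloudflare or from the app?) can also be answered from the denied response itself, without leaving the proxy. The sketch below is an added example, not code from this article or from Cloudflare: it classifies a 403 using the `CF-RAY` and `Server` response headers and returns the Ray ID to look up in the dashboard's security events from step 1. The function name, verdict labels and sample responses are constructed, and it assumes the block body carries the text "1020" next to the word "error".

```python
import re

# Matches "error code: 1020", "Error code 1020" and "Error 1020".
_CODE_1020 = re.compile(r"error\s*(?:code)?\s*:?\s*1020", re.IGNORECASE)


def classify_denied(status, headers, body):
    """Classify an access-denied response as seen by an API client.

    Returns (verdict, ray_id); ray_id is None when there is no CF-RAY header.
    """
    h = {k.lower(): v for k, v in headers.items()}
    ray = h.get("cf-ray")
    # CF-RAY looks like "<id>-<datacenter>"; the dashboard is searched by the id.
    ray_id = ray.split("-")[0] if ray else None
    via_cloudflare = ray is not None or h.get("server", "").lower() == "cloudflare"

    if status != 403:
        return ("not-a-403", ray_id)
    if not via_cloudflare:
        # Never passed through Cloudflare: the app or host returned it.
        return ("origin-direct", ray_id)
    if _CODE_1020.search(body):
        # Blocked at the edge: look the Ray ID up in the security events.
        return ("cloudflare-1020", ray_id)
    # Proxied 403 without the 1020 marker: check the app's own
    # authorization, CORS and IP filtering policies and logs.
    return ("403-via-cloudflare", ray_id)


# Constructed sample responses (not captured traffic).
SAMPLES = {
    "edge_block": (403, {"Server": "cloudflare",
                         "CF-RAY": "0123456789abcdef-LHR"},
                   "error code: 1020"),
    "app_403": (403, {"Server": "cloudflare",
                      "CF-RAY": "fedcba9876543210-LHR"},
                '{"title":"Forbidden","status":403}'),
    "direct_403": (403, {"Server": "Kestrel"}, "Forbidden"),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, classify_denied(*resp))
```

A `403-via-cloudflare` verdict points at the ASP.NET Core side, so start with the app's logs rather than the Cloudflare rules.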
ASP.NET Core Config Tips
Aside from Cloudflare settings, also check these ASP.NET app config areas:
Adjust policies to be more permissive initially and tighten gradually as needed.
Summary
In review, Cloudflare's Error 1020 Access Denied commonly stems from overzealous security rule configurations.
- First inspect the Cloudflare dashboard for clues on what exactly is triggering the blocks.
- Then tweak Cloudflare policies to achieve the right balance between security and access.
- Also verify API keys are valid and try alternate user IP addresses.
- For ASP.NET apps, double check CORS, authorization, and IP filtering policies aren't overly restrictive.
Isolating the root cause requires trial and error, but being methodical usually reveals which combination of Cloudflare and app policies needs adjustment.
Hopefully these troubleshooting tips help resolve frustrating 1020 access errors!