← Load Test Directory

Bypass CloudFlare Blocks

How to prevent CloudFlare from blocking LoadForge with HTTP 403 errors

You are now browsing the LoadForge locust test directory. You can use these tests as a starting point for your own tests, or use our AI wizard to generate one automatically.

World

When using LoadForge to test your website's performance, Cloudflare's security measures may inadvertently block or interfere with the testing traffic. This can lead to inaccurate test results and hinder your ability to assess your site's performance under load. To prevent this, you can implement one of the following solutions to allow LoadForge's traffic through Cloudflare without compromising your website's security.

1. Temporarily Disable Cloudflare Protection

Temporarily lowering or disabling Cloudflare's security settings during your testing period ensures that LoadForge's traffic is not blocked.

Instructions

  1. Access Your Cloudflare Dashboard:

  2. Lower Security Settings:

    • Navigate to the Security section.
    • Go to WAF > Settings.
    • Adjust the Security Level to Essentially Off or Low.

  3. Disable Specific Features (Optional):

    • If needed, you can also disable Bot Fight Mode or Rate Limiting under the Bots and Rate Limiting sections, respectively.

  4. Run Your LoadForge Tests:

    • Perform your load testing while the security settings are reduced.

  5. Revert Security Settings:

    • After testing, revert the security settings to their original levels to re-enable full protection.

Pros

  • Quick Implementation: Easy to execute without advanced configuration.
  • Immediate Effect: Changes take effect promptly, allowing for immediate testing.

Cons

  • Reduced Security: Temporarily exposes your website to potential threats.
  • Manual Reversion Needed: Requires you to remember to restore security settings afterward.

2. Whitelist LoadForge IP Ranges

By whitelisting LoadForge's IP ranges, you allow their testing traffic while maintaining normal security measures for other visitors.

Instructions

  1. Obtain LoadForge IP Ranges:

    • Visit LoadForge's IP Ranges page to get the list of IP addresses used for testing.

  2. Access Cloudflare Dashboard:

  3. Navigate to IP Access Rules:

    • Go to Security > WAF > Tools.

  4. Add IP Ranges to Whitelist:

    • Under IP Access Rules, click Add.
    • Enter each LoadForge IP range.
    • Set the action to Allow.
    • Choose This Website under Zone to apply the rule only to your site.

  5. Save Changes:

    • Confirm and save each entry to update your firewall rules.

Pros

  • Targeted Allowance: Only LoadForge's IP addresses are permitted, keeping your site secure from other sources.
  • Set and Forget: Once configured, no need to adjust settings for future tests unless IP ranges change.

Cons

  • Maintenance Required: LoadForge may update their IP ranges, necessitating updates on your end.
  • IP Spoofing Risk: Though minimal, there's a potential risk if an attacker spoofs a whitelisted IP.

3. Add and Whitelist a Custom Header

Instruct LoadForge to send a custom HTTP header with its requests and configure Cloudflare to allow traffic containing this header.

Instructions

  1. Set Up Custom Header in LoadForge:

  2. Access Cloudflare Dashboard:

  3. Create a WAF Custom Rule:

    • Go to Security > WAF > Custom Rules.
    • Click Create Rule.

  4. Configure the Rule:

    • Rule Name: Enter a descriptive name like "Allow LoadForge Testing".
    • When incoming requests match...:
      • Field: Select HTTP Request Header.
      • Operator: Choose Equals.
      • Value: Enter the custom header and its value (e.g., X-LoadForge-Test: true).
    • Then...:
      • Action: Select Allow.

  5. Deploy the Rule:

    • Save and deploy the rule to activate it immediately.

Pros

  • Secure Method: Only requests with the specific header are allowed, minimizing security risks.
  • No IP Management: Eliminates the need to track and update IP ranges.

Cons

  • Complex Setup: Requires precise configuration on both LoadForge and Cloudflare.
  • Header Exposure Risk: If the custom header becomes known, malicious actors could potentially exploit it.

By implementing one of these methods, you can ensure that Cloudflare does not interfere with LoadForge's testing traffic, allowing for accurate and effective performance assessments of your website.

Ready to run your test?
Run your test today with LoadForge.

Run free test