Cloudflare

How to fix Cloudflare Error 1003: 2 easy ways

November 24, 2025

6 min read

You're browsing the web, click a link, and suddenly hit a wall: "Error 1003: Direct IP access not allowed." This frustrating message appears when Cloudflare blocks your request for trying to reach a website through its raw IP address instead of the domain name.

Whether you're a website visitor confused by the error or a site administrator trying to prevent it from affecting your users, this guide walks you through exactly what causes Cloudflare Error 1003 and how to fix it.

What Is Cloudflare Error 1003?

Cloudflare Error 1003 occurs when someone attempts to access a website by typing the server's IP address directly into their browser instead of using the domain name. Cloudflare acts as a protective proxy between visitors and web servers, and it blocks direct IP requests to maintain security. This ensures all traffic passes through Cloudflare's CDN and security filters.

Think of Cloudflare like a receptionist at a secure building. Visitors must check in at the front desk (the domain name) rather than sneaking in through a side door (direct IP access). When you try to bypass the receptionist, you get turned away with Error 1003.

This error is part of Cloudflare's 1xxx error series, which includes other common blocks like Error 1015 (rate limiting) and Error 1020 (firewall blocks). Each serves a specific security purpose.

Why Does Cloudflare Error 1003 Happen?

Both website visitors and administrators can trigger this error. Understanding the root cause helps you apply the right fix.

Misconfigured DNS Records

Website owners configure DNS records within Cloudflare's dashboard. Records can be set to "Proxied" (orange cloud icon) or "DNS Only" (grey cloud icon).

When critical records are set to DNS Only, the server's IP address becomes visible. Users might then access the site directly via IP, triggering the error because the request bypasses Cloudflare's proxy.

Users Typing IP Addresses Directly

Sometimes visitors accidentally type an IP address into their browser's address bar. This happens when users copy-paste server information or click old bookmarks that contain raw IPs.

Cloudflare immediately blocks these requests since they don't pass through the proper routing channels.

Automated Scripts and Bots Using IPs

Web scrapers, API clients, and automated tools sometimes hardcode IP addresses instead of domain names. When these tools target the origin server directly, Cloudflare intercepts and blocks the request with Error 1003.

This is common with older scripts that were written before the website migrated to Cloudflare.

Misconfigured Plugins or Applications

Third-party plugins, CDN integrations, or server-side applications might communicate using the origin IP rather than the domain. This misconfiguration causes internal requests to fail with the same error.

How to Identify Cloudflare Error 1003

The error page displays several distinct elements that confirm you're dealing with Error 1003:

Error message: "Direct IP access not allowed"
Error code: 1003 displayed prominently
Cloudflare branding: Logo and styling from Cloudflare's network
Ray ID: A unique identifier for the blocked request

If you see this page, your request was blocked because it attempted to connect via IP address rather than the proper domain route.

How to Fix Cloudflare Error 1003 (For Website Administrators)

If you manage a website showing this error to visitors, check these settings.

Step 1: Verify DNS Records Are Proxied

Log into your Cloudflare dashboard and navigate to DNS settings. Check that your A, AAAA, and CNAME records pointing to your web server show an orange cloud (Proxied) status.

Grey cloud icons mean traffic goes directly to your server without Cloudflare protection. Switch these to Proxied for proper routing.

Step 2: Review Firewall and Security Rules

Navigate to Security > WAF in your Cloudflare dashboard. Check for any rules that might inadvertently affect legitimate traffic patterns.

While firewall rules rarely cause this error directly, misconfigured rules can create confusing access issues.

Step 3: Block Direct IP Access at the Server Level

For complete protection, configure your origin server to only accept connections from Cloudflare's IP ranges. This prevents anyone from bypassing Cloudflare entirely.

Nginx Configuration:

Add this to your server block:

# Allow Cloudflare IPs only
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
real_ip_header CF-Connecting-IP;

This configuration tells Nginx to trust only Cloudflare's IP ranges and extract the real visitor IP from the CF-Connecting-IP header.

Apache Configuration:

Add this to your VirtualHost or .htaccess:

<IfModule mod_remoteip.c>
    RemoteIPHeader CF-Connecting-IP
    RemoteIPTrustedProxy 103.21.244.0/22
    RemoteIPTrustedProxy 103.22.200.0/22
    RemoteIPTrustedProxy 103.31.4.0/22
    RemoteIPTrustedProxy 104.16.0.0/13
    RemoteIPTrustedProxy 104.24.0.0/14
    RemoteIPTrustedProxy 108.162.192.0/18
</IfModule>

Check Cloudflare's official IP ranges documentation for the complete current list, as these may change over time.

Step 4: Use Cloudflare Authenticated Origin Pulls

For maximum security, enable Authenticated Origin Pulls in Cloudflare. This feature requires a valid Cloudflare certificate for any connection to your origin server.

Go to SSL/TLS > Origin Server in your dashboard and enable Authenticated Origin Pulls. Then configure your web server to require the Cloudflare client certificate.

How to Fix Cloudflare Error 1003 (For Website Visitors)

If you're encountering this error as a regular user, try these solutions.

Check Your Browser's Address Bar

Make sure you're using the actual domain name (example.com) rather than an IP address. If the URL starts with numbers like 104.24.x.x, that's the problem.

Type the correct domain name and the error should resolve immediately.

Clear Browser Cache and DNS Cache

Old cached DNS records might point to outdated IP addresses. Clear your browser cache and flush your local DNS cache.

On Windows, open Command Prompt and run:

ipconfig /flushdns

On macOS, open Terminal and run:

sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

Update Bookmarks and Saved Links

If you clicked an old bookmark containing an IP address, update it with the proper domain. Right-click the bookmark and edit the URL.

How to Handle Cloudflare Error 1003 for Web Scraping

Developers building web scrapers frequently encounter this error when their code targets IP addresses instead of domains.

Always Use Domain Names in Requests

Update your scraper code to request the domain rather than the IP:

import requests

# Wrong - triggers Error 1003
# response = requests.get("http://104.24.123.85/page")

# Correct - uses domain name
response = requests.get("https://example.com/page")

This simple change prevents the error in most cases.

Use Residential Proxies for Better Success Rates

When scraping at scale, rotating residential proxies help avoid detection and blocks. Services like Roundproxies.com offer residential, datacenter, ISP, and mobile proxies that route requests through legitimate IP addresses.

Proxies also distribute your requests across multiple IPs, preventing rate limiting and improving scraping reliability.

Set Proper HTTP Headers

Always include a valid Host header matching the target domain:

headers = {
    "Host": "example.com",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
}
response = requests.get("https://example.com/page", headers=headers)

Missing or incorrect Host headers trigger this error because the server can't determine which site you're requesting.

Preventing Error 1003 on Your Own Website

Site administrators can take proactive steps to minimize Error 1003 occurrences.

Hide Your Origin Server IP

Use services like Cloudflare's DNS-only setup combined with firewall rules that block all non-Cloudflare traffic. This makes your origin IP invisible to outside scanners.

Monitor Server Access Logs

Regularly check your web server logs for direct IP access attempts. Look for requests hitting your server's public IP rather than coming through Cloudflare.

These logs help identify misconfigured services or potential security probes targeting your infrastructure.

Keep Cloudflare IP Lists Updated

Cloudflare occasionally updates its IP ranges. If you've configured your firewall to only accept Cloudflare IPs, set up automated updates to avoid accidentally blocking legitimate traffic.

Conclusion

Error 1003 exists to enforce proper website access through domain names rather than direct IP connections. This security measure ensures all traffic benefits from Cloudflare's protection and performance features.

For administrators, the fix involves ensuring DNS records are proxied and configuring origin servers to accept only Cloudflare traffic. For visitors, simply using the correct domain name resolves the issue.

Understanding how HTTP Host headers and Cloudflare's proxy system work helps you troubleshoot this error quickly and prevent it from recurring.

FAQ

What does Cloudflare Error 1003 mean?

Cloudflare Error 1003 means your request attempted to access a website using its IP address directly instead of the domain name. Cloudflare blocks these requests to maintain security and ensure traffic routes through its protective CDN network.

Can I access a Cloudflare-protected site via its IP address?

No. Cloudflare intentionally blocks direct IP access to websites using its proxy service. You must use the registered domain name to access the site properly. This is a security feature, not a bug.

How do I find a website's real IP address behind Cloudflare?

Cloudflare hides origin server IPs to protect against direct attacks. While various historical DNS lookup tools exist, properly configured servers also block direct connections even if the IP becomes known.

Why does my web scraper get Cloudflare Error 1003?

Your scraper likely targets the server IP directly or sends requests without a proper Host header. Update your code to use the domain name and include correct HTTP headers with each request.

Marius Bernard

Marius Bernard is a Web Scraping Engineer & Technical Advisor at Roundproxies. He authored the Web Scraping chapter of the 2024 Web Almanac/Techinsider. He loves python, golang and proxies.

Get the best
proxies out there

Get Proxies now

Related from Knowledge Base

Go Web Scraping: Complete 2025 Guide & Code Examples

PHP Web Scraping Guide 2026: Speed & Anti-Bot Tips

C# Web Scraping Guide: Build Fast Working Scrapers

Web Scraping in R: Complete Guide 2026

Web Scraping in Rust: Complete 2026 Guide

How to Do Web Scraping in Kotlin: The Developer's Guide

How to Do Web Scraping in Lua: A Developer's Guide

How to Do Web Scraping in Dart: A Complete 2026 Guide

How to Do Web Scraping in Perl: The Complete Developer's Guide

Python Web Scraping Guide: Build Scrapers in 2026

How to Use Botasaurus in 2026

How to Scrape Dynamic Websites With Headless Web Browsers

12 Ways to Make HTTPS Requests in Node.js

15 Methods to Not Get Blocked Web Scraping

How to Use Playwright Playwright Proxy in 2026

How to Take Screenshots with Puppeteer

How to Store and Manage Scraped Data Efficiently

User-Agent Rotation: Why and How to Implement It

How to Scrape Data Behind Login Pages

What Are Backconnect Proxies and How They Work