Let NowMetrix through without lowering your guard.
Your website can be perfectly healthy while Cloudflare quietly blocks a background check. Allow these two NowMetrix service IPs so metadata, thumbnails, and uptime checks can reach the public site.
The website works - but NowMetrix still sees a problem
Your website can work normally in a browser while Cloudflare blocks background requests from NowMetrix. Typical symptoms include:
- Article titles, descriptions, or preview images are missing or remain outdated.
- Thumbnail requests return
403,429, or a Cloudflare challenge page. - Uptime Monitoring reports failures even though the website opens for you.
- Cloudflare Security Events shows blocked or challenged requests from a NowMetrix IP.
Before changing a rule, confirm that the affected hostname is proxied through Cloudflare and review the matching event in Security -> Events.
Allow both NowMetrix IPs
Allow both IPv4 addresses. Adding only one address can leave some NowMetrix requests blocked.
104.248.24.238
139.59.208.202
Create one clear exception
- Open the correct website in the Cloudflare dashboard.
- Go to Security -> WAF -> Custom rules. The exact labels can vary slightly by Cloudflare plan and dashboard version.
- Create a rule named Allow NowMetrix.
- Match IP Source Address against both NowMetrix addresses.
- Choose Skip as the action.
- Select the relevant WAF and security components under More components to skip.
- Deploy the rule and place it before a later block or challenge rule that would otherwise match the request.
In the expression editor, the condition can be written as:
ip.src in {104.248.24.238 139.59.208.202}
If you prefer the visual rule builder, create two IP Source Address equals conditions and combine them with OR, not AND.
Skip only the protection that blocks the request
A matching custom rule does not necessarily bypass every Cloudflare product. Select the components responsible for the event you observed. Depending on your setup, these can include:
- Managed WAF rules and remaining custom rules.
- Rate limiting rules.
- Super Bot Fight Mode or other eligible bot controls.
If Security Events still shows a block after deploying the rule, inspect the Service, Rule, and Action fields. They identify which Cloudflare component still needs an exception.
Check the rule with a real event
- Open Security -> Events in Cloudflare.
- Filter Source IP for
104.248.24.238, then repeat for139.59.208.202. - Confirm that new requests match Allow NowMetrix and use the expected Skip action.
- Check that the origin response is no longer a
403,429, or challenge page. - Wait for NowMetrix to retry the affected page or availability check.
Still blocked? Follow the request one step further
| Check | What to verify |
|---|---|
| Rule order | The NowMetrix exception is evaluated before a rule that blocks or challenges the same request. |
| Logical operator | The two addresses are joined with OR or an IP set. A request cannot originate from both addresses at once. |
| Hostname scope | The rule applies to the hostname from which NowMetrix retrieves the page or asset. |
| Origin firewall | Your hosting provider or server firewall also allows both addresses; Cloudflare rules cannot override an origin-level block. |
| Security product | The event is not generated by a Cloudflare component that was omitted from the Skip action. |
If the issue remains, contact info@nowmetrix.com with the tracker ID, affected URL, approximate time, Cloudflare Ray ID, matching Security Event, and a screenshot of the rule.