Cloudflare Issues

Let NowMetrix through without lowering your guard.

Your website can be perfectly healthy while Cloudflare quietly blocks a background check. Allow these two NowMetrix service IPs so metadata, thumbnails, and uptime checks can reach the public site.

The website works - but NowMetrix still sees a problem

Your website can work normally in a browser while Cloudflare blocks background requests from NowMetrix. Typical symptoms include:

  • Article titles, descriptions, or preview images are missing or remain outdated.
  • Thumbnail requests return 403, 429, or a Cloudflare challenge page.
  • Uptime Monitoring reports failures even though the website opens for you.
  • Cloudflare Security Events shows blocked or challenged requests from a NowMetrix IP.

Before changing a rule, confirm that the affected hostname is proxied through Cloudflare and review the matching event in Security -> Events.

Allow both NowMetrix IPs

Allow both IPv4 addresses. Adding only one address can leave some NowMetrix requests blocked.

104.248.24.238
139.59.208.202
Create the exception only for these two exact addresses. Do not disable Cloudflare security for all visitors.

Create one clear exception

  1. Open the correct website in the Cloudflare dashboard.
  2. Go to Security -> WAF -> Custom rules. The exact labels can vary slightly by Cloudflare plan and dashboard version.
  3. Create a rule named Allow NowMetrix.
  4. Match IP Source Address against both NowMetrix addresses.
  5. Choose Skip as the action.
  6. Select the relevant WAF and security components under More components to skip.
  7. Deploy the rule and place it before a later block or challenge rule that would otherwise match the request.

In the expression editor, the condition can be written as:

ip.src in {104.248.24.238 139.59.208.202}

If you prefer the visual rule builder, create two IP Source Address equals conditions and combine them with OR, not AND.

Skip only the protection that blocks the request

A matching custom rule does not necessarily bypass every Cloudflare product. Select the components responsible for the event you observed. Depending on your setup, these can include:

  • Managed WAF rules and remaining custom rules.
  • Rate limiting rules.
  • Super Bot Fight Mode or other eligible bot controls.

If Security Events still shows a block after deploying the rule, inspect the Service, Rule, and Action fields. They identify which Cloudflare component still needs an exception.

Check the rule with a real event

  1. Open Security -> Events in Cloudflare.
  2. Filter Source IP for 104.248.24.238, then repeat for 139.59.208.202.
  3. Confirm that new requests match Allow NowMetrix and use the expected Skip action.
  4. Check that the origin response is no longer a 403, 429, or challenge page.
  5. Wait for NowMetrix to retry the affected page or availability check.
After changing Cloudflare rules, allow 15-20 minutes for a new crawler attempt and for updated thumbnails or metadata to appear in NowMetrix.

Still blocked? Follow the request one step further

CheckWhat to verify
Rule orderThe NowMetrix exception is evaluated before a rule that blocks or challenges the same request.
Logical operatorThe two addresses are joined with OR or an IP set. A request cannot originate from both addresses at once.
Hostname scopeThe rule applies to the hostname from which NowMetrix retrieves the page or asset.
Origin firewallYour hosting provider or server firewall also allows both addresses; Cloudflare rules cannot override an origin-level block.
Security productThe event is not generated by a Cloudflare component that was omitted from the Skip action.

If the issue remains, contact info@nowmetrix.com with the tracker ID, affected URL, approximate time, Cloudflare Ray ID, matching Security Event, and a screenshot of the rule.