Cloudflare Error 1020 (Access denied): why it happens and how to fix it

Cloudflare Error 1020 (Access denied) means Cloudflare blocked the request because a firewall rule, WAF rule, or security setting matched the visitor.

This is a Cloudflare-side block. Your GARMTECH hosting server is usually not the source of the 1020 error.

Quick checklist (site owner)

1. Confirm the error page says Cloudflare and includes a Ray ID.
2. Open Cloudflare Dashboard → your site → Security → Events (or Firewall Events).
3. Search for the Ray ID and review which rule blocked the request.

Common reasons for Error 1020

• A custom firewall rule blocks a country, ASN, IP range, or user agent.
• WAF / managed rules triggered by a request pattern (e.g., admin URLs, API endpoints, unusual query strings).
• Rate limiting / bot protection blocked repeated requests.
• A security challenge is required, but the request cannot pass it (some API calls, webhook callbacks, etc.).
• Security modes (for example, “I’m Under Attack Mode” or a very strict Security Level) can increase the chance of blocks.

How to fix it safely

1) Allow a trusted IP (recommended for admins)

• Add your office/home IP to an Allow rule.
• Avoid allowing “everyone” unless you fully understand the security impact.

2) Adjust or disable the blocking rule

1. Open the blocked event details in Cloudflare.
2. Identify the rule name (custom rule, WAF rule, rate limiting rule).
3. Modify the rule condition or change the action to Log / Challenge instead of Block where appropriate.

3) Check for false positives on admin/API URLs

If Error 1020 happens only on certain paths (for example, /wp-admin/ or /api/), create a more specific rule exception for that path.

Tips for troubleshooting

• Ask the affected user to provide the Ray ID and the exact URL that triggers the error.
• Temporarily set the DNS record to DNS only to confirm the site works without Cloudflare (do this only for testing).
• If you use a security plugin (WordPress, etc.), remember there are two layers: Cloudflare security and application security. Error 1020 is specifically Cloudflare.

After changes

• Refresh the page in an incognito/private window to avoid stale cookies/cache.
• If the problem affects only a specific user, check whether they use a VPN or a corporate proxy.

For visitors (if you are not the site owner)

• Disable VPN/proxy and try again.
• Clear cookies and try an incognito window.
• Try another network (mobile data vs Wi‑Fi).