17 days ago
My website is hosted on Railway, and the domain is proxied through Cloudflare. The proxy status was enabled (orange cloud), and everything worked fine for about four to five months.
A few hours ago, I suddenly started receiving a 403 error when trying to access the website through the domain. Anyone who visits the domain sees the same error. I researched the issue and found possible causes like headless browser detection or suspicious regional activity. I tried changing the server region from Singapore to the US and UK, but that did not fix the problem.
What finally worked was disabling the Cloudflare proxy (changing from orange cloud to gray cloud). After turning the proxy off, the website started working normally again.
Now I have a few questions: Has anyone faced a similar issue? What is the actual cause of this problem? I also found information saying Railway does not provide built-in DDoS protection or CDN services. If that is true, can I safely rely on gray cloud (DNS-only) mode for 24/7 uptime? Can I get DDoS protection from Railway without using Cloudflare? What was the main cause of the original 403 error?
Attachments
13 Replies
17 days ago
I'm also getting this intermittently with Cloudflare
17 days ago
I'm going to try disable the Cloudflare proxy as well. Thanks for the tip 🙂
17 days ago
I am having this as well, they recently rolled out Fastly DDoS protection. I am wondering if we are getting hit with a false positive. My applications are not accessible on my home network at all. Either that or Cloudflare is having issues.
Edit: I am wondering now if the cloudflare proxy is just clashing with Fastly.
17 days ago
Disabling cloudflare proxy fixed it for me. I guess I'm using Fastly now haha
502 from nginx usually means it can’t reach the gateway even though containers are running.
Check:
• nginx isn’t proxying to localhost (use service/container name instead)
• gateway listens on 0.0.0.0, not 127.0.0.1
• correct port is used (Railway often requires $PORT)
• nginx error logs → they usually show the exact issue (refused/timeout/etc)
• websocket apps need upgrade headers enabled
• http vs https mismatch between nginx and upstream
Containers being “up” doesn’t always mean the service is reachable 👍
16 days ago
Railway announced a partnership with Fastly, a CDN/DDoS protection platform.
I was originally using Cloudflare for that, but seemingly Railway doesn't support Cloudflare Proxy anymore, so I'm just relying on Railway's DDoS protection (Fastly) 🙂
oh wow, damn
this changelog was on 20th , i got the error on 21st . Might make sense that 2x Protection aint the way to go afterall xD
guess we are Fastly protected for now . But it would be a good option to get Cloudflare into this as well. Or maybe if we had the chance to choose🤷♂️
oh wow, damn
this changelog was on 20th , i got the error on 21st . Might make sense that 2x Protection aint the way to go afterall xD
guess we are Fastly protected for now . But it would be a good option to get Cloudflare into this as well. Or maybe if we had the chance to choose🤷♂️
16 days ago
I assume they intend to support both options, we'll likely see a message next week 🙂
16 days ago
I've only had a report of 1 user facing the issue, at the time I didn't know the solution was to disable cf proxy but now that's useful info from the thread of replies here.
Attachments
16 days ago
Our DDoS baseline for request mitigation was far too aggressive, we have since worked with the Fastly team to correct this. No legitimate requests are being incorrectly flagged as DDoS anymore.
Status changed to Solved brody • 16 days ago