Fix Bad Behaviour and Cloud Flare Google 403s

Cloudflare and Bad-Behaviour give Google a big fat 403, this solution may fix your problems.

Wordpress plugin configuration for Cloudflare and Bad-Behavior is at the bottom of the page.

Bad Behavour and CloudFlare give Google the 403s

Bad Behaviour is a PHP program that protects your site from hackers, and is run on your webserver.
Cloudflare is a CDN (Content Delivery Network) with extras that can be enabled and configured. Cloudflare is enabled by changing your sites DNS entries to point to CloudFlare instead.

Adding Bad Behaviour to a PHP site served by CloudFlare can cause problems for google (and other search engines) if the bad behaviour configuration is not completed correctly.

You may find that your google ranking drops off rapidly for no apparent reason, while your site works perfectly well for your visitors, google gets a 403 and this message:

Error 403

We're sorry, but we could not fulfill your request for / on this server.

An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.
Your technical support key is: 8d65-5518-f118-2195
You can use this key to fix this problem yourself
If you are unable to fix the problem yourself, please contact example at and be sure to provide the technical support key shown above.

Google doesn't like this one bit as a '403 Forbidden' is telling google to jog-on and not conducive to good google rankings, pages will drop from their index like (insert something witty here).

CloudFlare is a CDN with bells and whistles and acts as a reverse proxy. It is this option that needs to be configured in the bad behaviour configuration as, by default, its not enabled. This causes the google test to fail and bad behaviour gives a 403 to google.

To fix the problem of bad behavour, cloudflare and google:

In your bad-behavior directory, find:


and copy it to:


Edit the settings.ini file with a text editor and change the line that reads:

reverse_proxy = false


reverse_proxy = true

and change the connecting IP settings 


reverse_proxy_header = "X-Forwarded-For"


reverse_proxy_header = "Cf-Connecting-Ip"

save the settings.ini and log into your google/webmasters account, select the site in question, Health, Fetch as Google, enter the page to check, wait a few seconds for the Success message to appear, then click the Success to see what google sees, should be a:

HTTP/1.1 200 OK
(This is good)

and not a nasty

HTTP/1.1 403 Bad Behavior
(This is bad)
which is only reserved for hackers and web miscreants by Bad Behavior

If you are looking for a web host, I suggest you try KVC, they have packages for all budgets and situations, even free hosting with the ability to run Bad Behavior (PHP) and Cloud Flare (DNS). They also include WordPress in their package.

settings.ini sample for bad behavior

; settings.ini

display_stats = false
strict = false
verbose = false
logging = true
httpbl_key = ""
httpbl_threat = 25
httpbl_maxage = 30
offsite_forms = false
eu_cookie = false
reverse_proxy = true
reverse_proxy_header = "Cf-Connecting-Ip"
;reverse_proxy_addresses[] =
;reverse_proxy_addresses[] =

Bad Behaviour, CloudFlare and WordPress

Bad Behaviour is also available as a WordPress plugin.

CloudFlare has a WordPress plugin.

To configure the Bad Behaviour WordPress plugin to work with CloudFlare CDN you can enable the  Enable Reverse Proxy option in the Bad Behavior settings in your wordpress admin pages by adding a tick to the box and updating.

There is also an option to change the "X-Forwarded-For" to "Cf-Connecting-Ip" in the 'Header containing Internet clients' IP address' box to allow Bad Behaviour to obtain the IP of the visitor.

An example of the Cf-Connecting-Ip settings in wordpress when using cloudflare is shown below.