sfw/fix
Access Denied - Sucuri WAF high

Access Denied — Sucuri Website Firewall

Sucuri's cloud WAF judged the request malicious or your origin is blocking Sucuri's IPs, so the firewall returns its Access Denied page.

What you see

Access Denied - Sucuri Website Firewall
Something in the URL, your browser, or your behavior raised a flag with our system.
If you are the site owner please log into your Sucuri account.
Your IP: 203.0.113.45

What’s actually happening

Sucuri sits in front of your origin (DNS points at their proxy), and this page is served from their edge — your server never sees the request. It can hit one visitor, or every visitor if the cause is at the origin side. The block page usually shows the blocked IP and a way to contact Sucuri. Distinct from a host-level Wordfence 403, which is generated by a plugin on your own server and looks completely different.

Common causes

  • The Sucuri WAF matched the request against its rules — something in the URL, query string, POST body, or User-Agent looked like an attack (SQLi/XSS/LFI patterns)
  • Your IP is on Sucuri's blocklist from prior flagged activity, or you're routing through a flagged VPN/datacenter range
  • Geo-blocking or an IP allowlist in the Sucuri dashboard that the visitor isn't on (common on /wp-admin)
  • The origin server is blocking Sucuri's proxy IPs (firewall/ModSecurity at the host), so Sucuri can't reach it — surfaces as an access/connection error
  • Aggressive security settings (e.g. the firewall's most restrictive mode) catching legitimate but unusual requests

How to fix it

  1. Whitelist your IP in the Sucuri dashboardLog into the Sucuri Firewall (waf.sucuri.net) → Settings → Access Control. Add your current IP to the Whitelist. Get the exact IP from the block page (it prints "Your IP") or from whatismyip — a guessed IP won't help. This clears admin/owner lockouts immediately.
  2. Find why it was blocked in the Audit Trails / logsIn the Sucuri dashboard, check Reports / Audit Trails for the blocked request. It shows the matched rule and the offending part of the request. If it's a false positive on a specific URL pattern, you can relax that protection or whitelist the URL path rather than loosening the whole firewall.
  3. Confirm the origin isn't blocking SucuriIf everyone is blocked (not just one IP), the problem is often at the origin: your host's firewall or ModSecurity is rejecting Sucuri's proxy IPs. Allowlist Sucuri's published IP ranges on the origin server and make sure the origin only accepts traffic from Sucuri so attackers can't bypass the WAF by hitting the IP directly.
  4. Loosen the security level or open a ticketIn Firewall → Settings, drop from the most paranoid security mode to a more permissive one if legitimate traffic keeps tripping it. Still stuck — or it's an end user you can't whitelist — open a Sucuri support ticket with the block page details (IP, time, the request) and they'll clear the block or tune the rule.

Stop it recurring

Keep your real IP whitelisted in the Sucuri dashboard and lock the origin to Sucuri's IP ranges so the WAF can't be bypassed or accidentally self-block.

Related errors

Cloudflare Error 1020: Access Denied

high

A Cloudflare firewall or WAF rule matched the request and blocked it outright, returning the 1020 page with a Ray ID.

Chrome "The site ahead contains malware" warning

critical

Google Safe Browsing flagged the site as hosting or pushing malware, so Chrome throws a red full-page block before it loads.

Google Safe Browsing "Deceptive site ahead" warning

critical

Google Safe Browsing flagged the site for phishing or malware, so Chrome shows a full red interstitial before the page loads.

IP listed on Spamhaus blocklist (DNSBL)

high

Your sending IP is on a Spamhaus DNSBL as a spam source or compromised host, so receiving mail servers reject your messages.