Allow the generation of Used CSS and Critical Path CSS in Cloudflare

This article contains information related to the known issues caused by Cloudflare's security options that affect the Remove Unused CSS and Load CSS Asynchronously features, when trying to generate the Used CSS and Critical Path CSS, respectively.

Cloudflare Bot fight mode

Cloudflare's Bot fight mode can incorrectly detect WP Rocket servers as bots.

To make sure the servers can access your pages, please go to Cloudflare > Security > Settings > Bot fight mode, and disable it, as shown below:

bot fight mode

Cloudflare Firewall

In some cases, the Cloudflare Firewall could be blocking WP Rocket servers, and you could see this notice in the WordPress dashboard:

It seems a security plugin or the server's firewall prevents WP Rocket from accessing the Remove Unused CSS generator. IPs listed here in our documentation should be added to your allowlists:

- In the security plugin, if you are using one
- In the server's firewall. Your host can help you with this

This other notice can also be shown:

Cloudflare protection prevents the service from accessing the website.

To solve this problem, you could use Cloudflare's Custom Lists and Custom rules to allow WP Rocket's IP addresses by following these instructions:

  1. Go to Cloudflare > Manage Account > Settings > Lists > Custom Lists.
  2. Click on the Create list button.
  3. Add an Identifier, make sure the Type is IP, and click on the Create button.
  4. Copy one of the available lists of IPs, and paste it in the first IP box.

    You don't need to enter IP by IP, range by range, because the Cloudflare dashboard will automatically create entries for each item.
  5. Click on Add to list, and you're done.

    Here's a short recording you can use as visual reference:

    create custom list


    Up until here, you have successfully created your Custom list, and you can continue with your Custom rule like this:

  6. Go to Security > Security rules.
  7. Click on the Create rule button, and select the Custom rules option.
  8. Type a relevant Rule name.
  9. Choose these parameters:
    • Field: IP Source Address.
    • Operator: Is in list.
    • Value: Select the IdentifierCustom list you created in the above steps.
    • Choose action: Skip.
    • WAF components to skip: Check all the available WAF components boxes.
  10. Lastly, click on Deploy.

Here's a recording of how to create the Custom rule:

custom rule


When this Custom rule is deployed, Cloudflare should no longer block WP Rocket servers.

Cloudflare Workers

In some cases, our tool can be blocked by a Cloudflare Worker. If that's the reason, you will see an error similar to this one:

Error 1101: Rendering error. Worker Threw Exception.

A common cause of this is a Cloudflare Worker throwing a runtime JavaScript exception.

To debug this, follow these steps:

  1. Go to the Cloudflare > Compute (Workers) tab.
  2. Deactivate any worker you have enabled there.
  3. Once the workers are disabled, try regenerating the Used CSS or Critical Path CSS in WP Rocket.

If the generation runs smoothly, you will need to debug your worker's code for any errors.

If that doesn't help, please ask Cloudflare's support to allow WP Rocket.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Related Articles