Error 1020 is one of the most common Cloudflare errors that visitors encounter. It means the site owner has configured a firewall rule (in Cloudflare's WAF section) that matches the visitor's request, and the rule's action is to block. These rules can match on IP address, country, ASN, URL path, query string, HTTP method, User-Agent, referer, and many other request attributes. Unlike the generic 1006/1007/1008 IP bans, 1020 specifically indicates a WAF rule match.
The site owner created a custom firewall rule that matches one or more attributes of the visitor's request (IP, country, User-Agent, URL pattern, etc.).
Cloudflare's managed WAF ruleset detected a suspicious pattern in the request (SQL injection attempt, XSS pattern, path traversal) and blocked it.
Cloudflare's bot fight features are enabled and classified the visitor's traffic as automated.
A firewall rule with wide matching criteria (e.g., blocking an entire country or all non-browser User-Agents) is catching legitimate traffic.
Review the URL you were accessing — if it contains patterns like SQL keywords, path traversal sequences, or unusual parameters, the WAF may have flagged it.
Test if the block is IP-specific, country-specific, or browser-specific by changing your access method.
Let the site owner know you are being blocked. Provide the Cloudflare Ray ID shown on the error page so they can look up the exact rule that triggered.
In the Cloudflare dashboard, go to Security > Events. Filter by the Ray ID to see which specific rule blocked the request, then adjust the rule if the block was unintended.
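The site-owner lookup described above, as an added example (not Cloudflare's code and not part of the original page): it takes a set of security events, finds the rule behind a Ray ID, and checks whether that rule is also blocking many unrelated clients. The event records, Ray IDs and rule IDs are constructed, and the field names and `source` values are assumed to follow Cloudflare's GraphQL `firewallEventsAdaptive` dataset.

```python
# Constructed sample events. Keys and "source" values are assumed to follow the
# firewallEventsAdaptive GraphQL dataset; adapt them to the export you have.
def ev(ray, rule, source, ip, country, ua, path):
    return {"rayName": ray, "ruleId": rule, "source": source, "action": "block",
            "clientIP": ip, "clientCountryName": country,
            "userAgent": ua, "clientRequestPath": path}

EVENTS = [
    ev("ray-0001", "rule-geo", "firewallCustom", "198.51.100.7", "BR", "Mozilla/5.0 Firefox", "/"),
    ev("ray-0002", "rule-geo", "firewallCustom", "198.51.100.9", "BR", "Mozilla/5.0 Chrome", "/pricing"),
    ev("ray-0003", "rule-geo", "firewallCustom", "203.0.113.20", "BR", "Mozilla/5.0 Safari", "/login"),
    ev("ray-0004", "rule-admin", "firewallCustom", "192.0.2.44", "DE", "curl/8.5.0", "/wp-admin"),
    ev("ray-0005", "managed-sqli", "firewallManaged", "192.0.2.80", "US", "Mozilla/5.0 Chrome", "/search"),
]

ATTRS = ("clientIP", "clientCountryName", "userAgent", "clientRequestPath")

def explain_block(events, ray_id):
    """Find the rule behind a Ray ID and summarise everything else it blocked."""
    hit = next((e for e in events
                if e["rayName"] == ray_id and e["action"] == "block"), None)
    if hit is None:
        return None  # Ray ID not in this data set (wrong zone or time window)
    same_rule = [e for e in events
                 if e["ruleId"] == hit["ruleId"] and e["action"] == "block"]
    distinct = {a: {e[a] for e in same_rule} for a in ATTRS}
    # Heuristic: an attribute that stays constant across all hits while the
    # others vary is probably what the rule matches on.
    constant = [a for a in ATTRS if len(distinct[a]) == 1] if len(same_rule) > 1 else []
    return {
        "ruleId": hit["ruleId"],
        "source": hit["source"],
        "blocked_requests": len(same_rule),
        "distinct_ips": len(distinct["clientIP"]),
        "likely_match_on": constant,
        # Many unrelated clients and browsers caught by one rule suggests
        # wide matching criteria that deserve a second look.
        "looks_broad": len(distinct["clientIP"]) >= 3 and len(distinct["userAgent"]) >= 3,
    }

if __name__ == "__main__":
    print(explain_block(EVENTS, "ray-0002"))
```

A rule flagged `looks_broad` is a candidate for review, not proof of a mistake; the thresholds here are arbitrary and should be tuned to the site's traffic.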
The site owner has blocked the visitor's IP address using Cloudflare's firewall tools.
Access was denied based on the visitor's activity being flagged as malicious by Cloudflare.
The visitor is sending too many requests and has been rate-limited by Cloudflare.