Cloudflare Blocking File Download/Access

We are trying to move/upload an audio file from Podio to Google Drive. The audio file is stored as a URL to a WAV file on a remote server (that belongs to SmrtPhone).

We’ve got the scenario working, but it cannot download the file from SmrtPhone. Instead, it downloads an text file that contains the code below. It looks to me like SmrtPhone has Cloudflare protecting its servers and CF just isn’t letting through to download the file.

What are my options?

<!DOCTYPE html>
<html lang="en-US">
    <title>Just a moment...</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=Edge">
    <meta name="robots" content="noindex,nofollow">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
    <meta http-equiv="refresh" content="35">

<body class="no-js">
    <div class="main-wrapper" role="main">
    <div class="main-content">
            <div id="challenge-error-title">
                <div class="h2">
                    <span class="icon-wrapper">
                        <div class="heading-icon warning-icon"></div>
                    <span id="challenge-error-text">
                        Enable JavaScript and cookies to continue
        <form id="challenge-form" action="PETH_TO_FILE" method="POST" enctype="application/x-www-form-urlencoded">
            <input type="hidden" name="md" value="GIBBERISH_HASH">
            cvId: '2',
            cZone: '',
            cType: 'non-interactive',
            cNounce: '63993',
            cRay: 'XXX',
            cHash: 'XXX',
            cUPMDTk: "\/2010-04-01\/Accounts\/XXX\/Recordings\/XXX?__cf_chl_tk=XXX.1.XXX-1689370323-0-gaNycGzNDPs",
            cFPWv: 'b',
            cTTimeMs: '1000',
            cMTimeMs: '60000',
            cTplV: 5,
            cTplB: 'cf',
            cK: "",
            cRq: {
                ru: 'XXX==',
                ra: 'XXX',
                rm: 'R0VU',
                d: 'XXX',
                t: 'XXX=',
                cT: Math.floor( / 1000),
                m: 'XXX//XXX=',
                i1: 'XXX==',
                i2: 'XXX==',
                zh: 'XXX+mpM=',
                uh: 'oo7ha3xKsCMmo1ATI5cC7f++XX+XXX+yqNeJbw=',
                hh: 'XXX=',
        var cpo = document.createElement('script');
        cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/v1?ray=XXX';
        window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
        window._cf_chl_opt.cOgUQuery = === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' :;
        if (window.history && window.history.replaceState) {
            var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
            history.replaceState(null, null, "\/\/.1.XXX-1689370323-0-gaNycGzNDPs" + window._cf_chl_opt.cOgUHash);
            cpo.onload = function() {
                history.replaceState(null, null, ogU);


Is your HTTP module the one trying to get the audio from smrtPhone?
If so, can you show its configuration without divulging sensitive information?
Do you have an API reference for that service?

1 Like

Yes, the HTTP module is grabbing the file. There is no API involved. SmrtPhone adds the audio URL right into a Podio field after a call is completed and when clicked, it triggers a WAV file download in Firefox (Chrome plays in browser with the Chrome player). Here’s the scenario screenshot…

But…CloudFlare is protecting the SmrtPhone website and I think that extra step is stopping the file download. This is what I see whenever I click the audio file URL in Podio.

@CodeMonkey I am not sure if you would be able to download it like this, but can you try the following things?

  • Can you download the file in an incognito browser?
  • Can you try to use the HTTP module “Make a request” , use GET and enable “Follow all redirect”
  • Did you check if SmrtPhone has some kind of API?

This was a great suggestion but it, unfortunately, did not work. It’s downloading the same HTML error page I included in my first post. :face_exhaling:

SmrtPhone has an API, but it’s very rudimentary and won’t allow access to recordings or other details about calls.

EDIT: In the meantime, I’ve asked SmrtPhone if they can whitelist the Make IPs in CloudFlare to allow the connections.

Ok, I’m almost at an answer. SmrtPhone has advised me to replace the URL with a Twilio one to bypass CloudFlare.

So this…

Needs to become this…

I’m assuming I can use the “Switch” tool but I can’t figure out the Regex code to replace with in the URL string while preserving the rest o the URL. Can anyone assist?

That’s awesome they were able to help you out there!

Now, you can just use replace()

{{replace(“url”; “”; “”)}}


And this is FIXED! Thanks for the Replace code, @Donald_Mitchell !

And everyone else that contributed towards the hunt, I greatly appreciate the help!