Cloudflare error 1014 – CNAME Cross-User Banned
If you are browsing a website and see the message, “Error 1014 CNAME Cross-User Banned”:
This typically means that the DNS is hosted on Cloudflare, and there are two competing CNAME entries somewhere in the hosting chain.
Here is the Cloudflare support documentation page:
https://support.cloudflare.com/hc/en-us/articles/360029779472-Error-1014-CNAME-Cross-User-Banned#error1014
The Problem
For this particular website that was experiencing the error, the problem was a hosting server misconfiguration. This website is hosted on WPEngine and there is an Advanced Network option in WP Engine. The Advanced Network had been enabled for the non-WWW domain, but it was not enabled for the WWW domain:
The WP Engine’s Advanced Network uses a different CNAME convention from their standard Legacy Network CNAME.
- WP Engine Legacy Network CNAME: accountname.wpengine.com
- WP Engine Advanced Network CNAME: wp.wpenginepowered.com
By default a domain name users either non-WWW or WWW, but it should not use both. It needs to be one or the other. If the default is the non-WWW version, then the WWW version redirects to the non-WWW version automatically, and vice versa.
This website is using the non-WWW as the default, and the CNAME points to the Advanced Network. The WWW version should also be pointing to the Advanced Network, but it has not been enabled, so it’s pointing to the Legacy CNAME. This can create errors if someone enters the WWW version to visit the website. The “Error 1014 CNAME Cross-User Banned” is a result of this misconfiguration.
The Solution
Thankfully the solution, in this case, is super simple. Just press the “Upgrade network” link for the WWW domain version:
WP Engine will enable the Advanced Network for this domain version, which may take several minutes. Once finished your domains screen will look like this:
Now when you view the website again on the same device, the error should be gone.
In conclusion, we discussed why the “Error 1014 CNAME Cross-User Banned” occurs and how to resolve it by enabling same network CNAME for both non-WWW and WWW domain versions.