If you are using Soundiiz with a self-hosted media server such as Plex, Emby, Jellyfin, Navidrome, or any similar service, your server must be reachable by Soundiiz from the internet.
When running transfers, Soundiiz may send multiple requests per second to your server to read, match, create, or update your playlists and library data. If your server is protected by Cloudflare, a reverse proxy, a firewall, rate limiting, bot protection, or another security layer, these requests may be blocked automatically.
When this happens, Soundiiz will not be able to communicate correctly with your server, and transfers may fail, stop unexpectedly, or return connection errors.
Why this happens
During a transfer, Soundiiz needs to make many API calls in a short period. This is expected behavior.
However, protection services such as Cloudflare may interpret this activity as suspicious traffic, especially if:
- Many requests are sent in a short time.
- Your server has rate limiting enabled.
- Bot protection or managed challenges are active.
- The request pattern looks automated.
- The server is behind strict firewall rules.
- The service is only partially exposed to the internet.
Because Soundiiz is a cloud-based service, requests to your self-hosted server come from Soundiiz servers, not from your own browser or local network.
What you need to do
You should check your incoming request logs to identify the IP addresses Soundiiz uses to connect to your server. Then, you should allowlist these IP addresses in Cloudflare, your firewall, or your reverse proxy configuration.
There may be more than one Soundiiz IP address, so make sure to check your logs carefully.
How to find Soundiiz incoming IP addresses in Cloudflare
- Start a transfer or synchronization from Soundiiz to your self-hosted service.
- Open your Cloudflare dashboard.
- Select the domain used by your Plex, Emby, Jellyfin, Navidrome, or other self-hosted service.
- Go to Security > Events.
- Look for requests made around the exact time you started the Soundiiz transfer.
- Filter the events by the hostname or path used by your media server if needed.
- Check which requests were blocked, challenged, rate limited, or flagged by Cloudflare.
- Note the source IP addresses associated with these requests.
- Repeat the process if needed, as Soundiiz requests may come from multiple IP addresses.
How to allow Soundiiz IP addresses in Cloudflare
Once you have identified the Soundiiz IP addresses:
- Open your Cloudflare dashboard.
- Select your domain.
- Go to Security > WAF.
- Open Tools or create a custom WAF rule, depending on your Cloudflare plan and configuration.
- Add the Soundiiz IP addresses you found in your logs.
- Set the action to Allow or Skip security checks for these IPs.
- Save the rule.
- Run the Soundiiz transfer again to confirm that requests are no longer blocked.
Depending on your Cloudflare configuration, you may need to skip or bypass specific protections such as:
- Managed challenges
- Bot fight mode
- Rate limiting rules
- WAF managed rules
- Firewall rules
- Custom security rules
Important notes
Do not allowlist random IP addresses unless you have confirmed in your logs that they are used by Soundiiz during your transfer.
If your server uses another protection layer in addition to Cloudflare, such as Nginx, Traefik, Caddy, Fail2ban, a hosting firewall, or a NAS firewall, you may also need to allow the same IP addresses on those services.
If Soundiiz is still unable to connect after allowing the detected IP addresses, check your server logs again to confirm whether requests are still being blocked by another rule or service.
Summary
For self-hosted services such as Plex, Emby, Jellyfin, and Navidrome, Soundiiz requires direct, reliable access to your server.
If Cloudflare or another security service blocks Soundiiz requests, transfers will not work correctly. The best solution is to check your incoming request logs, identify the Soundiiz IP addresses, and allowlist them in your protection layer.