I used Cloudflare for many years very lazily just for DNS but from time to time I tried to use firewall with pathetic results. I’m not a Sys-Admin and I don’t want to sound offensive but this firewall doesn’t block anything for me.
I mean yes, I can successfully block myself but I can do nothing to protect my website from unwanted POST requests that flood one script of mine. I exactly know what IPs and Hostnames are involved and I want to block since 2016 but Cloudflare just doesn’t block them.
Before you ask I know how to configure the firewall and define rules. I’m also running cPanel with mod_cloudflare installed but I find hilarious that there’s no place where I can block these IPs that keep flooding me from years even though at the moment they’re simultaneously banned from:
- Cloudflare Firewall
- cPanel Firewall
- VPS Firewall
- .htaccess rules
Such requests are not some kind of hacks or ddos attacks. It’s a simple PHP script that sends POST requests with curl on every page load. The problem is that this script has been installed on 40+ websites! Of course it was a bug since in reaility it had to POST data only once every 2 weeks but people refuse to update softwares so I have to live with it.
I even tried with Pro plan but it didn’t change anything so that I’ve immediately downgraded my account back to “Free account” in less than 10 minutes.
Let me make it very simple. For a moment don’t think about POST, SSL, Hostname, and/or conditions, protocols. Let’s focus on one little thing. I want to ban an IP address I know from a list of 40+. Why on earth it doesn’t work?