Access attempts from IP CouldFlare

Hi all,

I am observing attempts to access the web server from CouldFlare IPs looking for files with the extension .tar, .tar.gz, .sql, etc. I think they are attempts to get some malicious intrusion to the server. Does anyone know if I should block these IPs? One of them is 141.101.76.6

Are you a Cloudflare customer?

Well I think so, I use CouldFlare on several of my websites.

Then it sounds like your server is not properly restoring your visitors’ IP addresses:

Thanks, but this configuration is for Ubuntu Server, I use CentOS 8. Is there a tutorial for my system?

It’s not OS dependent. Ubuntu was just an example of the type of VPS server that would the supported web servers. The tutorials are for the Webserver, and are independent of the OS.

1 Like

Well if they depend, in Ubuntu the path of the Apache configuration is /etc/apache2/sites-available/000-default.conf and in CentOS the path is /etc/httpd/conf . If I have mod_remoteip activated

Well, in case someone uses it for CentOS 8.
In /etc/httpd/conf/httpd.conf I have added the following line:

RemoteIPHeader CF-Connecting-IP

I have changed this line:
LogFormat “%h %l %u %t “%r” %>s %O “%{Referer}i” “%{User-Agent}i”” combined

For this other:
LogFormat “%a %l %u %t “%r” %>s %O “%{Referer}i” “%{User-Agent}i”” combined

In the /etc/httpd/conf.d directory, I have created a file called remoteip.conf with these lines:

RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/12
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32

We’ll see if it works. Thanks for everything sdayman

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.