Any way to see what content is being served?


#1

I’m developing an app that has a REST API that I call. I noticed that I’ve been getting random traffic to my API URL (mostly from Russia) which I presume is just some standard probing around looking for vulnerabilities kind of thing. Anyway, what I’m puzzled about is that it says I’ve served up 650KB of data in the past month (and that was during a long stretch where I wasn’t working on the app so I wasn’t hitting my endpoints and exchanging data). Is there any way to see WHAT that data is/was? I don’t even have a web site so I’m not sure what data could have been sent, and my API is hosted in Azure. Just in case there’s something I’m overlooking that I shouldn’t be, I’d like to know what file(s) were being served or what exact URLs were being hit. Is there any way to see this information? Thanks.


#2

Unless you can access some kind of HTTP Access logs I’m unsure, that would be on Azures side not cloudflare’s since cloudflare doesn’t really do logs for that kind of thing


#3

Note that you could probably use Workers to log. Here’s a great contribution that may work for your use case:


#4

You could create a Firewall Rule for you API URL with action Allow and set it to trigger for any country that is not a very small country. Ex:

(http.request.full_uri contains “https://api.example.com/” and ip.geoip.country ne “AX”) then Allow

This rule would allow in any visitor to your API URL that does not come from Aland Islands.

As a result, every hit to your API would be recorded in the Firewall Events log. The log doesn’t say much, it won’t provide you information on what kind of data is being taken (unless that can be inferred from the query element on the URL), but you will be able to know: Country, requested URL, User Agent and IP address of each visit. With that information, you will be able to create rules that actually block some visitors, reducing or eliminating the unwanted traffic.

PS: No prejudice against Aland Islands (and I can’t figure how to type that special-character A), only it happens to be the first country code on CF’s list that I never heard about :slight_smile:


closed #5

This topic was automatically closed after 14 days. New replies are no longer allowed.