A request was blocked by the Cloudflare firewall, indicating the IP address 2401:4f8:200:8232::2 needs to be added to the allowlist to bypass this block.
What is the issue you’re encountering
Connection refused for REST API
What steps have you taken to resolve the issue?
Removing CF proxy enables access. Allow Listing does not using (ip.src eq 104.26.6.23)
Now I worked out a simple rate rule of fairly drastic limits is appropriate for a relatively quiet site is enough to head off 20 GETs a second from anywhere
Do you have a screenshot of that error, or something similar?
That specific IPv6 address seems to be unallocated at the moment, as APNIC ( Asia Pacific Network Information Centre) hasn’t allocated it to any organisations at the moment.
If you have multiple accounts and/or zones, it will ask you which account and/or zone you wish to go in to, and once you have selected the correct account and zone, it will take you to the right place.
Actually, yes, consistent naming and such are on my wishlist.
I guess that depends on what you call DDOS attacks, as the definition may vary from person to person, and from organisation to organisation.
Attack mode is only suggested during an actual attack wave, and is suggested to be disabled again, as soon as the attack has subsided.
It will provide a challenge to the users, but if the user is able to solve them, it will let them pass through for time specified in Challenge Passage under Security → Settings.
In this specific case, it is a “Custom rule” that I added myself, to my WAF, to block visitors (e.g. browsers) that do not present the User-Agent header.
Actually, it was added (like many others), as a test rule at one point, at an unused domain.
Currently, Microsoft’s network (likely their Azure Cloud) seems to be hitting that unused domain, with a lot of garbage traffic, at the moment.
That would likely require your rate limiting rules, as well as information about the DDoS attack you seem to be experiencing.
If I’m interpreting “from anywhere” correctly, we’re not talking about one single source, but multiple sources?
IIRC, the rate limiting is operating per PoP (e.g. datacenter / facility), so if you have 5 users flooding your website, and they are reaching 5 different Cloudflare PoPs, that could mean that it will require 5 times the traffic you’ve configured, before the rate limiting kicks in.