These requests appear to be certificate verification requests from Cloudflare, but they are being blocked by the custom rules I have set. Should I allow them?
The IP range (e.g. 2606:4700:1101::/52) and AS number have previously been used for something by Clouflare, e.g. here:
Just curious though, did you add âKnown Botsâ to be able to skip these firewall rules?
For anyone to be able to create certificates on your domain through that, they would need to have access to your server (or e.g. Cloudflare, as a middle man on Proxied (
) records), to be able to create and serve that file, and if they are, you would be in much severe trouble than if youâre letting everyone being able to request a file on you domain.
Alone being able to request the /.well-known/acme-challenge/spaghetti file, doesnât mean that you are able to create or adjust it in any way, nor that you would retrieve the âspaghettiâ token on the current domain control validation request.
As such, restricting access to be able to request files in e.g. /.well-known/acme-challenge/ may not make that much sense after all.
1 Like
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.