For a long time I have been struggling with the problem of DDoS attacks on my site. This attack comes from Cloudflare addresses. When I use the ‘netstat’ command over SSH during an attack, these addresses appear (https://www.cloudflare.com/ips-v4), and there are a lot of them. When I block them using the ‘iptables’ command, their number in netstat automatically decreases; however, the page does not work because Cloudflare returns error 522. This is a vicious circle because blocking one attack blocks access to my page (when I block Cloudflare IPs I am able to connect to the site only using a numeric address).
I came up with the idea to use Firewall Rules from Cloudflare to identify IPs. It turned out to be a good choice: Cloudflare successfully began filtering addresses and blocking them, and the site came back to life.
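Behind the proxy the origin only ever sees Cloudflare edge addresses as TCP peers, which is why netstat lists them and why blocking them with iptables produces error 522. The following added example (not part of the original post) counts requests per real visitor address on the origin instead, using the CF-Connecting-IP header that Cloudflare sets and trusting it only when the peer is a Cloudflare range. The three-field log format, the sample lines and the function names are assumptions made for illustration, and the range list is a subset of the published one.

```python
import ipaddress
from collections import Counter

# Subset of the ranges published at https://www.cloudflare.com/ips-v4;
# load the complete current list in real use.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15",
)]

# Constructed sample lines (assumed format):
# "<TCP peer address> <CF-Connecting-IP value or -> <path>"
SAMPLE_LOG = """\
172.68.10.5 203.0.113.7 /login
172.68.10.5 203.0.113.7 /login
162.158.90.1 203.0.113.7 /login
104.18.2.9 198.51.100.20 /
198.51.100.99 203.0.113.7 /login
192.0.2.44 - /
"""

def from_cloudflare(peer):
    """True if the TCP peer address belongs to a listed Cloudflare range."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in CLOUDFLARE_NETS)

def real_client(peer, header):
    """Trust the header only when the connection came from a Cloudflare edge.

    A direct connection can send any CF-Connecting-IP value it likes, so for
    non-Cloudflare peers the peer address itself is the client.
    """
    if from_cloudflare(peer) and header != "-":
        try:
            return str(ipaddress.ip_address(header))
        except ValueError:
            pass  # malformed header value: fall back to the peer address
    return peer

def top_clients(log_text, threshold):
    """Return {client_ip: request_count} for clients at or above threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        counts[real_client(parts[0], parts[1])] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(top_clients(SAMPLE_LOG, 3))
```

The addresses this reports are the ones to match in a Cloudflare firewall rule; the edge addresses themselves stay allowed at the origin.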
Hello, I have been struggling with Cloudflare for a long time.
Every day in the evening, for about an hour, access to my site is blocked by Cloudflare because error 522 appears.
The problem is fixed when Cloudflare stops or deletes the proxy in DNS settings. In addition, when the connection is made via IP, everything works. Rather, it is not DDoS, because in the console under the command netstat nothing indicates this and Cloudflare does not detect anything.