Block IP range problem

Am trying to block all IPs in the range from:

159.138.0.0 -> 159.138.255.254

and am using 159.138.0.0/16

but i am still getting IPs from this range hitting my site, i cannot figure out what i am doing wrong

any suggestions please?

  • How do you know they still reach your site?
  • Can you post a screenshot of the block you configured?
  • Have you double checked they go via Cloudflare and do not contact your server directly?

Hi, thanks for the reply. i can see the access in my log files

this is the rule i configured:

am unsure how they would be able to acesss direct unless via the domain name?

That rule should block them. Do you have any other firewall rules?

By going straight for your IP address.

Whats the domain?

the IP doesnt work as its a virtual host. the domain is bestfittings.co.uk

They can still connect to the IP with that hostname.

ahh i see. i have rules also for

(ip.geoip.country eq “CN”) or (ip.geoip.country eq “IN”) or (ip.geoip.country eq “CA”) or (ip.geoip.country eq “ID”) or (ip.geoip.country eq “HK”)

Can you post a screenshot of all your firewall rules?

Assuming that your server IP ends in 222, it would seem your server accepts all connections and that would allow them to circumvent Cloudflare. Reconfigure your server so that it only accepts connections from Cloudflare servers.

ok, i think i understand, so if i add apache rule on my server to only accept connections from the cloudflare IP(s)?

That will only work if you are not rewriting IP addresses (which you should). You better block this on a firewall level.

I was referring to the list of firewall rule, not each rule individually. Could you post a screenshot of the former?

Did you mean like this?

Yes, but priority shouldnt be an issue in this case. Also, you could combine all of these in one rule. Furthermore you wouldnt even need to block that IP range as you block Hong Kong anyhow.

At this point my guess would be they circumvent Cloudflare. Configure your firewall to only accept Cloudflare connections and then take it from there.

That should be enough

(ip.geoip.country in {"CA" "CN" "HK" "ID" "IN"}) or (cf.client.bot) or (ip.src in {159.138.0.0/16})

Thanks for taking the time to help. Will try blocking at server as you suggest

This topic was automatically closed after 30 days. New replies are no longer allowed.