The last few weeks we’ve been getting blocked or inspected when going to numerous Cloudflare websites (not ours, as we’re not a Cloudflare customer), and has been getting worse the last few days. We opened up a free Cloudflare account to access the Security Center, and we found that Cloudflare is seeing Layer 7 DDoS traffic from our IP space.
We’ve been trying to find a human to talk to that can help us determine what traffic Cloudflare views as malicious, but have been unsuccessful. What’s the normal process for a non-customer to get some insight as to why they are being blocked?
Cloudflare provides tools for site operators to secure their resources. Cloudflare has no control over how site operators use those tools. Your only option is to communicate with the individual site operators.
We are currently blocked access to 50+ sites (that we know of), it’s not reasonable to work with each one. Since Cloudflare is providing those website operators with a (possibly incorrect) reputation score of our IP space that they can act on, surely Cloudflare has a way to tell IP space owners why their reputation is low. That’s not the responsibility of the website owners.
You can try to check your IPs reputation at https://www.projecthoneypot.org/ but it’s not guaranteed…
If they choose to block you based on reputation or threat score, then you need to perform a check at your network and devices to see if they have been modified, infected, used to send spam, used as proxies/hosting etc… If everything goes well, your IP reputation should increase after… Well… 14 days or more.
Block requests by Threat Score: A powerful feature of firewall rules is its support for Cloudflare’s Threat Score, which ranks requests based on IP reputation. The
cf.threat_score field can contain a score from 0 to 100. These scores are collected from Project Honeypot
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.