Can "bad host" be filtered?

We use the EPiServer DXC environment, which includes Cloudflare. There was recently a DDoS attack. EPiServer sent us the Cloudflare logs and we see that 100% of the attacks came from IPs labeled in the Cloudflare logs as “bad host”. So Cloudflare knows that these are dodgy IPs.

We use Cloudflare's WAF to block certain countries. We can't do it directly, but we can ask EPiServer to add countries as they have full access to the Cloudflare WAF.

We naturally asked EPiServer to block “bad host” IPs for us, but they said that Cloudflare doesn't support this.

Is this true? I.e. Cloudflare can identify probable malicious IPs, but not do anything about them? This would seem pointless if true.

Have not ever seen that nomenclature in the logs referring to an originating IP address.
