Can Someone By Pass Cloudflare to Access My Website

asifsh007 · November 20, 2023, 7:41am

Hi Everyone,
I am a newbies in the world of WWW. I am having following issue.
My website is getting traffic that is not present in Cloudflare security events log. The log of Wordfence, a WordPress security plugin, shows that on 19-11-2023 at 10:30:23 PM an IP address 156.146.33.72 (a Bot) accessed my website which is not appearing in Cloudflare’s security events log. Wordfence blocked it. This IP address had 92 hits on my website from 10:29:40 PM to 10:30:23 PM i.e. in 43 seconds. All the pages accessed were non-existent.
I think that Cloudflare’s security is bypassed to access my website directly.
Can someone please tell me what it actually is.
Looking forward.
Regards

sjr · November 20, 2023, 8:07am

In order to allow only Cloudflare to access your webserver, to prevent connections direct to your origin, you can:

set your firewall to only allow Cloudflare IP addresses to access port 80 and port 443
IP Ranges

OR

add a Cloudflare origin pull certificate to restrict access to Cloudflare accessing your webserver
add your own origin pull certificate to restrict access to Cloudflare using your domain to access your webserver

asifsh007 · November 20, 2023, 6:24pm

Thanks’ for your reply.
Can you please guide me where to add the IP ranges.

sjr · November 20, 2023, 6:28pm

Add them to your firewall or allowlist in your control panel (blocking everything else). If you can’t access that due to your hosting package or it isn’t offered, then one of the alternate solutions is needed.

asifsh007 · November 20, 2023, 6:59pm

I am using Namecheap. Where to find the firewall in c-panel. Please guide.

epic.network · November 20, 2023, 7:47pm

You will need to ask Namecheap or cPanel for help. Cloudflare does not offer cPanel hosting and as such it is off-topic for discussion here. You may also want to seek assistance in a general webhosting or cPanel forum.

asifsh007 · November 20, 2023, 8:03pm

Namecheap refused to help on ip/firewall thing. They referred me to origin pull certificate thing to Cloudflare article mentioned above.

insideau786 · November 21, 2023, 12:33am

So it means you cant use SSL from cloudflare, as im having some sites there

But i think i m using cloudflare ssl on one of my site

asifsh007 · November 21, 2023, 3:04am

I am also using SSL but they are not allowing to use firewall separately to allow traffic only from Cloudflare IPs.
Is there any wordpress plugin for this?
Please guide me.

asifsh007 · November 21, 2023, 6:37pm

Anyone?

system · November 24, 2023, 6:37pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.