Captcha problem on my site

Hello, I have a problem. If the captcha is activated on my site, it does not work. I find many invalid requests on my site without solving the captcha

They may have solved the CAPTCHA. Or they may be completely bypassing Cloudflare and connecting directly to the IP address of your server. You would have to find a way to block any traffic that’s not coming from the list at cloudflare.com/ips

Ok sir, thank you very much for your reply
There is something strange here, sir
This malicious traffic is coming from ip cloudflare but the problem is it’s not in the list you sent
172.70.130.0/24

It’s on the list:
Subnet Calculator - Vultr.com

I get a block when I try to reach your site from the US. So you have some other firewall rules. Can you post a screenshot of your firewall rules list?

I have now blocked all traffic from entering my site so that I can analyze what is happening and my account is free, but the problem is not with the free or paid account The problem is that there are aphorisms that belong to cloudflare, but they are not in the list
These emojis are not in the list and they enter my site. How does this happen? I did not understand whether I can block these idioms or not
172.70.130.0/24
172.70.131.0/24
188.114.111.0/24
Many of these epithets are not on the list that you set for me. What do I do now, do I ban them?

As previously pointed out, those ips belong to the IP ranges Sdayman presented you earlier.

1 Like

Thank you, but do I block all other IPs, yes or no?
Which IP Ranges is not in this list Do you block it even if it belongs to cloudflare

No.

You can block all of them if you want your site to break completely…

1 Like

You would have better luck if you restored your visitor IP addresses:

https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

1 Like

Thank you, but all this explanation is for servers only. There is no special code to put in the htaccess file

order deny,allow
deny from all
allow from 103.22.200.0/22
allow from 103.21.244.0/22
allow from 103.31.4.0/22
allow from 104.16.0.0/13
allow from 104.24.0.0/14
allow from 108.162.192.0/18
allow from 131.0.72.0/22

Can I make a code like this and put all the cloudflare menu icons in the .htaccess file?

If you’re going to use .htaccess to block bypasses, try this tutorial:

But .htaccess will not restore visitor IP addresses. Best to use Wordfence if it’s a WordPress site, as Wordfence has some pretty good blocking and protection built in.

3 Likes

Thank you, but I didn’t do much of this explanation
I was putting a code like the one below on my site I was putting a code like the one below on my site, does it work for cloudflare

RPAFenable On # When enabled, take the incoming X-Host header # and update the virtualhost settings accordingly: RPAFsethostname On # Define which IP's are your frontend proxies that sends # the correct X-Forwarded-For headers: RPAFproxy_ips 103.22.200.0/22 104.16.0.0/13 # Change the header name to parse from the default # X-Forwarded-For to something of your choice: # RPAFheader X-Real-IP order deny,allow deny from all allow from 103.22.200.0/22 allow from 103.21.244.0/22 allow from 103.31.4.0/22 allow from 104.16.0.0/13 allow from 104.24.0.0/14 allow from 108.162.192.0/18 allow from 131.0.72.0/22

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.