Cloudflare handling requests even though proxying is off?

We have a domain whose DNS is hosted by Cloudflare, but all records are configured for DNS only, no proxying by Cloudflare.

Yet, this morning around 3am, the Analytics dashboard reports that Cloudflare handled ~147,000 HTTPS requests for this domain. All the traffic was a spike around that time and then went away again.

What’s the explanation for this? Cloudflare should not be proxying requests for names set to DNS-only, so why do the analytics say that Cloudflare essentially hijacked our domain for a time?

And no load balancer / health checks were running? :thinking:

Web traffic or some kind of an “attack” traffic?

No LBs, no healthchecks, no Argo tunnelling, no nothing as far as I can tell. TLS serving is enabled because we forgot to turn it off, but afaict there’s no path from our DNS to any Cloudflare serving infrastructure.

Analytics say there were 0 threats, so I’m assuming it was real traffic rather than an attack. On the free plan I get almost zero details, other than it was all HTTPS, 147,941 queries total, and happened from 00:00 through 05:00 this morning before vanishing back to zero.

I should add: this domain is getting large amounts (thousand of qps) of real traffic outside of Cloudflare, so it’s not just a domain that’s normally idle but happened to be configured for Cloudflare. It’s a domain with real traffic, and some of it seemingly was slurped up unilaterally by Cloudflare overnight, despite our configuration not telling anyone to do that.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.