Cloudflare IP Address is out of /ips/ scope

I have an issue related to the IP address used by Cloudflare. When I request my domain (Cloudflare proxy is on), the actual connection to my server comes from IP 185.2.168.3, which is outside the scope of Cloudflare's IPs.

PS: I am connecting to the DirectAdmin control panel on port 2083, which is supported by Cloudflare.

Doesn’t look like a Cloudflare IP to me. Cloudflare has tons of IP addresses.

Yes, but you are supposed to know them, to set up whitelists properly.
Also, in addition to that, such connections don’t forward the original visitor IP for some reason.

I can add that when I blacklist this IP, I get a connection timeout error from Cloudflare. When I disable the Cloudflare proxy, I have the correct IP logged. So I have no doubt that the specified IP is used by Cloudflare.

Have 72 hours passed, and can I finally get some @MoreHelp? Ticket ID is 2257571.

Actually, not yet :wink:

It has been a week. I have neither replies here nor to my ticket. What should my next actions be?
Thanks.

As I’ve already mentioned, I am 100% sure that this address is used by Cloudflare. It is not even a question. I used different techniques (mentioned above and some more) to make sure.

A few services report this IP as a proxy or a bad-reputation IP.

Are you absolutely sure that you have not changed your hosts file for testing directly to the server and tried to access the server while using a VPN?

Yes, I am 100% sure that Cloudflare uses it for port 2083 (usually used for cPanel) connections.

Also, byethost (IP user) is a very big web hosting provider that uses cPanel. And I don’t know why Cloudflare uses their servers to proxy connections to port 2083, but I want to know, so I am here.

@MoreHelp It has been almost 2 weeks. I have neither replies here nor to my ticket yet. Thanks.

How are you recording where the actual connection comes from?

The IP is actually registered by Wildcard Networks (AS34119) and assigned to IfastNet in Newcastle. It looks like it’s nested hosting providers. Who is your hosting provider?

It doesn’t matter. I tried different options. The most accurate way that I tried is using csf (iptables logs). But the webserver access log shows the same IP anyway.

I wouldn’t like to name the provider publicly here (I could DM you if private messages work), but AS34119 has nothing in common with my provider or my provider’s AS. I should have incoming connections from Cloudflare AS13335, which I have in my upstream (Cloudflare is peering in the same DC).

It’s been almost 1 month since I started this topic. And it has been 10 days since I received the first reply to my ticket and replied back. The issue is still not fixed.

Meanwhile, I made an additional test deploying nginx (listening on port 2083) on a GCP node (Belgium DC), and it receives requests from the same IP 185.2.168.3 when the Cloudflare proxy is ON.

By the way, anyone here can make the same test if you doubt that I can log IPs properly.
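
An added example, not part of the thread: one way to repeat the check discussed above by comparing source IPs from csf/iptables or web server access logs against Cloudflare's published IPv4 ranges. The range list is an assumed snapshot of https://www.cloudflare.com/ips-v4 and must be refreshed before use; the log lines, the destination address and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: snapshot of the IPv4 list published at
# https://www.cloudflare.com/ips-v4 -- refresh it before relying on the result.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Constructed sample: two iptables-style lines and two access-log lines.
SAMPLE_LOG = """\
Jan  1 10:00:01 host kernel: IN=eth0 OUT= SRC=185.2.168.3 DST=203.0.113.10 PROTO=TCP SPT=41822 DPT=2083
Jan  1 10:00:02 host kernel: IN=eth0 OUT= SRC=162.158.90.14 DST=203.0.113.10 PROTO=TCP SPT=50112 DPT=443
185.2.168.3 - - [01/Jan/2020:10:00:03 +0000] "GET / HTTP/1.1" 200 512
172.68.10.7 - - [01/Jan/2020:10:00:04 +0000] "GET / HTTP/1.1" 200 512
"""

SRC_RE = re.compile(r"\bSRC=(\S+)")


def source_ip(line):
    """Return the source address from an iptables line (SRC=) or from the
    first field of an access-log line; None if neither parses as an IP."""
    m = SRC_RE.search(line)
    token = m.group(1) if m else line.split(" ", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def in_published_ranges(ip):
    """True if the address falls inside any range in the snapshot."""
    return any(ip in net for net in CLOUDFLARE_V4)


def outside_ranges(log_text):
    """Count IPv4 sources that are NOT covered by the published ranges."""
    hits = Counter()
    for line in log_text.splitlines():
        ip = source_ip(line)
        if ip is not None and ip.version == 4 and not in_published_ranges(ip):
            hits[str(ip)] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, count in outside_ranges(SAMPLE_LOG).items():
        print(f"{ip}: {count} connection(s) from outside the published ranges")
```

An address that shows up here only while the proxy is enabled is one to take to support with the log lines attached, rather than one to add to an allowlist.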