Cloudflare IPs and ddos.sh (DDOS-deflate)

Hi, i have a question.

My domain is behind cloudflare-free, and my host is running vestaCP nginx+apache with out-of-the-box configuration. I installed DDOS-deflate () and tested it using HULK.py.

The problem is, my own ip acts like a normal traffic (1 hit), and the cloudflare ip ranges are the one ddosing my host. See https://prnt.sc/n3swe9

Is there a configuration amiss?

Since Cloudflare is a reverse proxy, the IP address from network will show up as one of Cloudflare’s IPs. You should make sure you’re restoring IP addresses so that the IP used for profiling, and the IP in the logs, is the visitor’s IP instead of Cloudflare:

hi there,

default nginx config of vesta is like that: https://prnt.sc/n4bjyh

But i am boggled how can my own ip (i am the initiator of the DOS) marks as 1 hit, and the CF ips as the ddosers.

i am also discussing this problem with the ddos-deflate author, but if you have ideas as to why, i would appreciate

If the tool goes through Cloudflare, then Cloudflare IPs will show up in your logs. That’s why you should instead be using that NGINX module and/or manually restore from the Cf-Connecting-Ip header (or $http_cf_connecting_ip in nginx). As for why there is one hit from the real IP, i’m not sure. Probably something with DNS or the tool.

This topic was automatically closed after 30 days. New replies are no longer allowed.