My domain is behind Cloudflare-free, and my host is running vestaCP nginx+apache with out-of-the-box configuration. I installed DDOS-deflate () and tested it using HULK.py.
The problem is, my own ip acts like a normal traffic (1 hit), and the Cloudflare ip ranges are the one ddosing my host. See Screenshot by Lightshot
Since Cloudflare is a reverse proxy, the IP address from network will show up as one of Cloudflare’s IPs. You should make sure you’re restoring IP addresses so that the IP used for profiling, and the IP in the logs, is the visitor’s IP instead of Cloudflare:
If the tool goes through Cloudflare, then Cloudflare IPs will show up in your logs. That’s why you should instead be using that NGINX module and/or manually restore from the Cf-Connecting-Ip header (or $http_cf_connecting_ip in nginx). As for why there is one hit from the real IP, i’m not sure. Probably something with DNS or the tool.