Cloudflare not blocking DNS properly

I have server setup on linode that is routed to my DNS that is hosted here through an A record. However when I leave my API Server running I am getting requests that are still coming through even though I have firewall rules in place that prevent everyone but my IP from accessing the IP address at all. Why is that people are allowed to send these requests cf_scripts/scripts/ajax/ckeditor/ckeditor.js to my server?

Can you see the remote IP of that request? Is it Cloudflare, or someone directly connecting, bypassing Cloudflare?
Make sure you’ve properly secured your origin server from direct connections from other parties then Cloudflare.

Block all requests to your web server (usually 80/443) except from Cloudflare IPs.

If the request is through Cloudflare, I would double check you don’t have any other custom rules that could be conflicting/allowing them access.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.