Cloudflare unknown operations

I have connected custom domain to my cloudflare R2 yesterday but got some class B operations between regular intervals even I haven’t made it public yet and ensure that no one knows other than me and not used by myself between these intervals.

Same thing happening in my account analytics where I have some whooping 3.14k requests from different counties in 24 hour of setup and no one knows anything except me.

If this is known thing, please let me know how I can prevent both of these things.
Thank You! :blush:

The main way bots/scrapers find your domain and send those requests is off the Certificate Transparency (CT) Logs. Every newly issued certificate goes into public CT Logs, which bots use to find websites to scrape for information/vulnerabilities. When you add your domain - it gets issued a Universal Certificate. Other Custom Domain features like Pages, R2, and Worker Custom Domains all also issue certificates.
There’s no way to prevent it, the purpose of CT Logs is to prevent a trusted Certificate Authority from abusing their authority/making every certificate traceable. You yourself can track all certificate issued for your domain, Cloudflare offers this as a feature under SSL/TLS → Edge Certs → Certificate Transparency Monitoring.

Nothing you can do about it - 3.14k requests doesn’t sound too excessive considering you got 2 or 3 certs issued for your domain (Universal, Backup, R2 Custom, at least). You could try to make some firewall rules to block common malicious requests (like including /wp- if not using Wordpress, ending with .php if not using PHP), Pro’s WAF Managed Ruleset has a few free rules as well to block common information leaking requests, like to .git and such. Ultimately though those requests are mostly harmless if you’re not vulnerable and keep everything upgraded.

1 Like

I’m seeing some slow speed when i try to access a pdf file of 400kb in my app.
When using R2 its taking some time to load and the pdf even I have god 5G internet connection but when i access same file from github pages which i have created for testing retrieves the pdf instantly.
Even though I have only me accessing the single small file from R2 I can notice the difference. I don’t know what will happen if app goes public and have users increasing.