It might depend on the web server configuration as far as you can combine the output to the log files as you want
For example, you could have your web server configured to log the client IP and some other headers like X-Forwarded-For, which would result seeing a âcombined IPâ separated by the comma , string or some other kind of type.
Are these maybe the crawlers or bots? Did you analyze your web traffic?
Are the naked domain and www DNS records proxied? ( cloud)
Bypassing, does this mean like comming directly to your server IP address?
Nevertheless, depending on the attack type and using Cloudflare security options like Firewall Rules, etc., consider blocking some of the known âbad user-agentsâ, âcrawlersâ or âbad ASNsâ using below posts:
Make sure to protect your admin / login page, if you have one. We can use Cloudflare Access / Zero Trust (Teams):
Last but not the least, kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection: