I wanted to pick up on another discussion posted here that didn’t lead to anything conclusive (Do I need mod security and evasive module for my Apache2 when using Cloudflare?).
My question is: if an Apache server is firewalled to Cloudflare’s IPs and a user triggers either Apache’s WAF or rate limiter (ModSecurity/Mod_Evasive), will the user (and only the user) get blocked? How will the server distinguish between the user and all other users coming from Cloudflare? Won’t Apache’s defenses simply blacklist Cloudflare’s IPs?
Wanted to complement our Cloudflare configuration with ModSecurity/Mod_Evasive, but I am having a hard time seeing how it will not backfire on us. I do not have experience with these modules working with Cloudflare. Let me know if I’m missing a fundamental element here.