Compatibility between Cloudflare and ModSecurity/Mod_Evasive

Hello everyone,

I wanted to pick up on another discussion posted here that didn’t lead to anything conclusive (Do I need mod security and evasive module for my Apache2 when using Cloudflare?).

My question is if an Apache server is firewalled to Cloudflare’s IPs and a user triggers either Apache’s WAF or rate limiter (ModSecurity/Mod_Evasive), will the user (and only the user) get blocked? How will the server distinguish between the user and all other users coming from Cloudflare? Won’t Apache’s defenses simply blacklist Cloudflare’s IPs?

Wanted to complement our Cloudflare configuration with ModSecurity/Mod_Evasive, but I am having a hard time seeing how it will not backfire on us. I do not have experience with these modules working with Cloudflare. Let me know if I’m missing a fundamental element here.

Thanks,

I’ve bumped into another post here that mentions Mod_RemoteIP to address a flood attack from behind Cloudflare (Http request flood).

How would this Apache module interact with ModSecurity/Mod_Evasive? Would it effectively ensure that the server’s defenses recognize and take action against the actual client IPs that are the origin of the attacks?

This topic was automatically closed after 30 days. New replies are no longer allowed.