CSF blocks Cloudflare IP in WP with WP-Rocket




I have a dedicated server with cPanel. I have installed ConfigServer Security & Firewall (csf).

I am using Cloudflare in one of my websites, with Wordpress and WP-Rocket plugin, that works very well with Cloudflare.

I have whitelisted in csf all Couldflare’s IP, as per this page: https://www.cloudflare.com/ips/

Now, I keep getting warnings like the one below, about Cloudflare’s IPs.

How can I solve this? I have seen a solution but only works if I use “cPanel integration”.
Can I use “cPanel integration” AND WP-Rocket?

Thanks in advance for your help!


Time: Wed Nov 8 00:03:08 2017 +0000
IP: (NL/Netherlands/-)
Failures: 5 (mod_security)
Interval: 3600 seconds
Blocked: Permanent Block (IP match in csf.allow, block may not work)

Log entries:

[Wed Nov 08 00:03:03.189707 2017] [:error] [pid 24211:tid 139808139560704] [client] [client] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file “/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf”] [line “30”] [id “949110”] [msg “Inbound Anomaly Score Exceeded (Total Score: 20)”] [severity “CRITICAL”] [tag "applicati…


Hi there - did you ever get this resolved? If not please file a ticket with support @ cloudflare (if you haven’t already) and let me know the ticket number.


You need to install the cloudflare plugin to pass the real IPs