Ddos effect

Hello Team,

our website was with Cloudflare protection and with firewalls but we are getting users avoiding this filter and damaging our site with all the spam hits.

The same is observed today and Friday & Saturday of last week (11/22/19,11/23/19), we would like to have a solution where we can block the users from these effects

Are you saying people are bypassing Cloudflare? In this case you need to configure your firewall and webserver to only accept connection requests from Cloudflare networks and reject everything else.

we are able to see that it is from the cloudfare and the difference in the visitor count is clearly shown in the analytics page, unable to justify whether it is bypassed or made some extra changes to target our website

Well, first you need to establish if they bypass it or not. Then you can take appropriate steps.

hello team,

we made the changes as per request as earlier but we are facing issues with this in later,

we added these in our config such that we allow only the users from these ip’s
Deny from all
Allow from 173.245.48…
from the link https://www.cloudflare.com/ips/

this works perfect on the landing page and once user redirect to another page or refresh the same page, the cloudfare sheild is not shown and the user ip was passed and we are getting a error page 400,

so suggest us the details with the fixes how we fix them or restrict users to allow from cloud fare.

we tried for ufw bit us blocks all the subdomains,we have a open API link and that should be open for all without any restrictions as we cant find the users who are requesting the service .

please provide us a solution ,

Thanks in advance

plz reply

Your approach suggests you are not rewriting IP addresses on a webserver level, which means you wont save the actual client addresses in your logs.

I would not do that, but instead rewrite the IP addresses on a webserver level and filter for Cloudflare addresses on a firewall level. That might also fix the configuration issue you seem to have introduced with whatever you have configured now.

Hello sandro,

Initially thanks for the info, but we are familiar with url rewrites and the change of url for a request from user, can you please share a reference/GITHUB where we can configure the same to enable these firewall for Cloudflare and restrict the rest,

awaiting for a needful reference for a best solution.

Thanks,

Not URL rewrites, you need to rewrite the IP addresses as outlined at https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

After this you simply configure your firewall to block all addresses except for Cloudflare. If you are not sure how to do this, I’d refer you to StackExchange.