Every request seen as DDOS

Our backend is served at iesdev.com and every request from our desktop electron app is being seen as a ddos. For some reason releasing a new version of our app will work for a short time and then start getting blocked again. This happens with firewall completely off and even dev mode on.

Anything showing up in the Firewall Event Logs?

https ddos in 99.7% of our blocks and entries like the below:

{ “action”: “drop”, “clientASNDescription”: “Telefonica del Peru S.A.A.”, “clientAsn”: “6147”, “clientCountryName”: “PE”, “clientIP”: “”, “clientRequestHTTPHost”: “beta.iesdev.com”, “clientRequestHTTPMethodName”: “GET”, “clientRequestHTTPProtocol”: “HTTP/2”, “clientRequestPath”: “/api/lolapi/la1/accounts/name/Azaghâl Dwarf”, “clientRequestQuery”: “?force=false”, “datetime”: “2020-04-10T23:38:00Z”, “rayName”: “58204c8c3d75971c”, “ruleId”: “l7ddos”, “source”: “l7ddos”, “userAgent”: “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Blitz/1.7.1 Chrome/78.0.3904.130 Electron/7.1.14 Safari/537.36”, “matchIndex”: 0, “metadata”: [ { “key”: “action”, “value”: “block” } ], “sampleInterval”: 10}

The paths our the typical most popular calls in our app.

Another note, it only happens from app, if you try https://beta.iesdev.com/api/lolapi/la1/accounts/name/Azaghâl Dwarf from the above error you should get a good result.

Have you tried lowering the Security Level in Firewall -> Settings?

It could be a rule you can’t disable. If lowering Security Level doesn’t work, open a ticket:

Login to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button.

Security is off and in setting it’s at lowest, essentially off setting.

1 Like

Probably has something to do with the fact that Cloudflare is being DDoSed right now, they have set everything to NAZI mode for the time being (my theory)

This topic was automatically closed after 30 days. New replies are no longer allowed.