I am receiving excessive hits from some Cloudflare IPs, in particular today it was 172.71.99.153 and 172.71.103.208. I see complaints on AbuseIPDB - https://www.abuseipdb.com/check/172.71.99.153.
Is this normal ?
Is your domain on Cloudflare?
Yes, my domain is on Cloudflare, but the drain on our server is excessive, and other people complained about it on AbuseIPDB. Plus, I read this article about how attacks are coming from inside Cloudflare itself - https://www.securityweek.com/cloudflare-users-exposed-to-attacks-launched-from-within-cloudflare-researchers/
Then that’s absolutely normal. These are regular user requests through the proxies.
You want to rewrite IP addresses
1 Like
You should also verify that you did not disable encryption on Cloudflare and make sure your encryption mode is Full Strict.
Ok, I will check on all this. Thanks for your help, it is greatly appreciated.
No worries.
These two things
- Check if encryption is enabled - it needs to be Full Strict
- Rewrite IP addresses on the server to get the actual client addresses
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.