Back again with the same problem. After many attempts, I still can’t figure out how to stop this. I checked the raw logs and, besides 2-3 IPs excessively hitting the site, I still can’t fix the problem.
Is there any way for Cloudflare to stop them? How come Cloudflare has no support for issues like this one?
I have already blocked those IPs but the problem continues. I also created a firewall rule, but nothing; the problem continues. Does Cloudflare have any support at all?
htaccess is not a good place for blocking just based on IPs. Use your server’s firewall for that.
Since HTTP is based on TCP, and TCP starts with a handshake, it is impossible to spoof an IP address over HTTP, so if you see the requests in your server log then either the CF firewall is not working correctly or your own mechanism. I suspect the latter.
It seems you are using CF to protect your website from malicious requests, and after migrating to CF the problem was not resolved, so you added the htaccess rules to allow requests just from your own domain.
Then the attacker found your mechanism of defense, spoofed the referrer header, and bypassed your security.
The CF firewall doesn’t help you in this case coz the bad guys are connecting to your server directly, and even with a correctly configured firewall, they can DDoS you with enough resources.
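
One way to check the raw logs for the direct-to-origin case described in the reply above (an added example, not part of the original thread): it flags requests whose peer address is outside Cloudflare's ranges and counts how many of them carry a referer naming the site itself. The combined log format, the host `example.com`, the sample log lines and the shortened range list are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlparse

# Subset of Cloudflare's published IPv4 ranges (assumption: refresh the full
# list from https://www.cloudflare.com/ips-v4 before relying on it).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "141.101.64.0/18", "108.162.192.0/18",
    "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]

# Combined log format: peer IP is the first field, referer the first quoted
# field after the status code and size.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)"')

# Constructed sample log; the non-Cloudflare addresses are documentation ranges.
SAMPLE_LOG = """\
172.68.10.5 - - [10/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "https://example.com/" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "https://example.com/" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET / HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "https://example.com/page" "curl/8.0"
162.158.1.20 - - [10/Mar/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "https://example.com/" "Mozilla/5.0"
"""

def via_cloudflare(ip):
    """True if the TCP peer address belongs to a listed Cloudflare range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable peer field: treat as not proxied
    return any(addr in net for net in CLOUDFLARE_NETS)

def direct_hits(log_text, site_host):
    """Per-IP counts of requests that reached the origin without Cloudflare."""
    hits = defaultdict(lambda: {"total": 0, "own_referer": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or via_cloudflare(m.group(1)):
            continue
        ip, referer = m.groups()
        hits[ip]["total"] += 1
        # A referer naming the site itself passes a referer-based .htaccess rule.
        if urlparse(referer).hostname == site_host:
            hits[ip]["own_referer"] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, c in sorted(direct_hits(SAMPLE_LOG, "example.com").items()):
        print(f"{ip}: {c['total']} direct, {c['own_referer']} with own-site referer")
```

The log must record the actual TCP peer address; if the server rewrites the client IP from a Cloudflare header, run this against the unrewritten field.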