Excessive requests from CloudFlare-Traffic-Manager to non-CloudFlare IP

My new server <IP REDACTED> for which I have not configured any Cloudflare services — has been receiving a steady 20 req/sec from this user agent since Dec 14:

Mozilla/5.0 (compatible; Cloudflare-Traffic-Manager/1.0; +https://www.cloudflare.com/traffic-manager/; pool-id: 6eb2061a81647ff8)

Spot checking the client IP addresses, they all seem to be coming from Cloudflare’s network.

Because I have not configured Cloudflare in front of this app, I do not understand why Cloudflare-Traffic-Manager has been hammering it (relatively speaking) with traffic. I’m hoping this is just a misconfiguration somewhere, and that the pool-id: 6eb2061a81647ff8 metadata in the user agent will help figure out where.

This elevated request volume will cost me actual money, so I’d really like to put a stop to it if possible.

I would really appreciate any help you can provide!

1 Like

This has happened to me in the past, and the only way to get it resolved was through support.

Are you a Cloudflare customer? If so, you could open a support case yourself. Otherwise we can escalate it here to try and get it resolved.

It is more than likely a remnant of an older load balancer config. If you do not use Cloudflare at all on that server you could just block all traffic from Cloudflares IP addresses (https://www.cloudflare.com/ips) while you wait for the traffic to stop.

Hi Michael, thank you for your feedback. Unfortunately, I don’t have a customer account with Cloudflare. It would of course be great if someone from the staff could convert this post into a support ticket. Thanks for the link with the IPs, I will be able to solve the problem at least temporarily while I wait for the feedback from Cloudflare.

1 Like

Thanks for confirming you don’t have a customer account at Cloudflare. I’ve asked our Load Balancing team about your case. For now I’m going to wait for their response before we get to a ticket.

What IPs are you seeing with that header?

I wonder if somebody made a typo error in their configuration, or if its a possible somebody is spoofing our headers.

Thank you kampjose for your feedback. Here is a screenshot from the LOG file of the server

1 Like

Thanks again! I’ve updated our team and will let you know what they say.

@Ubuntu22 I’ve got an update from our team. We’ve found an account that is using our services which is pointing to your IP. Our team has reached out to that account to have them adjust their configuration to no longer point to your IP.

3 Likes

Thanks kampjose, that sounds like a final solution. I was already thinking that it would be an old IP in a CF project. Maybe the ISPs should think about creating a protocol that communicates the released IPs of cancelled servers to CF.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.