Sorry, you have been blocked You are unable to access xpngo.info
What is the issue you’re encountering
I am experiencing a critical issue with DDoS protection on my server, which is behind Cloudflare’s DNS proxy. However, today, it appears that Cloudflare is detecting all incoming requests as part of a DDoS attack and consequently dropping them.
Is it possible to use the following solution to resolve the WAF issue?
By deleting the A record for a few hours, the domain traffic will no longer be directed to the WAF, and perhaps this change will fix the incorrect CF firewall structure!
After nearly 36 hours, the issue that has arisen on CF for my service remains unresolved, despite my attempts to exhaust most possible solutions. This situation is causing me significant financial penalties and reputational damage.
I want to emphasize that my service has been operating with the same configuration for over a year without any changes to the server settings, Cloudflare configuration, or the type and volume of incoming traffic. However, Cloudflare’s WAF has classified all incoming traffic as an HTTP DDOS ATTACK, cutting off access to the host.
After reviewing the event logs and analytics section of Cloudflare, I have concluded that all incoming traffic to Cloudflare has originated from authorized users, and there is no abnormal traffic.
I would also like to point out that I have two different domains on this account with identical configurations and traffic patterns. One domain and its associated server are working perfectly, while the other is experiencing this issue.
Please provide any assistance or guidance that you can.
I cannot reproduce the same and cannot see the error since it looks to me like you’ve been missing the A type of the DNS record for your domain pointed to your origin host/server.
;QUESTION
uk-v.xpngo.info. IN A
;ANSWER
Record not found!
You’re correct. The reason you couldn’t see the A record is because I removed it. I hypothesized that temporarily removing the record for a few hours might resolve the issue, but unfortunately, it didn’t. I have since re-added the A record, but the problem persists.
Regarding the firewall settings, I want to emphasize that I did not make any changes to the firewall configuration before the WAF started incorrectly identifying traffic as an HTTP DDOS attack. In fact, I was asleep when the issue began.
I am now reverting all settings to their original state so you can investigate further.
I kindly request your urgent assistance, as this issue has caused significant problems for me.
Thank you in advance for your help.
Kindly, may I ask you to double check the Security → Events with Filter of the “Ray ID” from my screenshot above 8e089e865aff5af4 - or just Country equals
Once found, click on the particular one to expand and get more details about this and share the information here what kind of service was triggered that blocked me from accessing your Webpage?
Was it Security Level, was it WAF Custom Rules, or something else configured for the Security & Protection options and features enabled for your domain?
Thank you in advance.
Yes, I understand that the reason for the multiple requests from your end was due to you pressing F5.
I would like to provide you with screenshots of several WAF configuration pages to demonstrate that I have not made any specific or unusual configurations, and everything is set to the default. I want to reiterate that these settings have been working flawlessly for the past year, and I have not made any recent changes. In fact, I haven’t even logged into the Cloudflare panel.
Do you have any ideas or suggestions?
Is there a solution I can try?
If there’s any option, please let me know so I can test it.
I should also mention that I have two different domains on this Cloudflare account. All the settings for these two domains are identical. The type and amount of traffic for both servers are the same. One of the domains is working perfectly fine, while the other one is facing this issue.
I apologize for such events, however I have no clue yet about this so far why and how does it happen as it shouldn’t Appreciate your effort and feedback!
Kindly and patiently wait for some more time, maybe someone else might have some idea and answer.
I am very grateful for your time and assistance.
Your kindness and support are greatly appreciated.
I wanted to ask if there is a way to completely disable the WAF?
Also, is it possible to configure settings so that I only use Cloudflare’s DNS proxy and completely bypass the firewall?