If i ban the country in cloudflare… that means I don’t need/want anything in that country hitting my servers including cloudflare servers? regardless of where the connection came from.
Thing is that users in Belgium,say, may be routed via NL at times etc. So you definitely need to think about rules for end-user and rules for your CDN as two different things. Blocking NL inc. data centres means you’re blocking non-NL users too.
Should be a setting to allow/deny (blocked ip knocking) instead of spamming connections to the server over and over again?
Should there be a setting that allow/deny (multiple blocked ip knocking attempts per 24 hours per ip) that hits the server to prevent spamming?
Depends how often they’re checking I guess. I’ve never seen Cloudflare ‘spam’ me. Remember that unless you’re resolving the end-user IP addresses what you think is CLoudflare spamming you could be real users hitting you via Cloudflare IP addresses (because that’s what you use Cloudflare for).
Should there be an option to allow or deny vpn connections through cloudflare for that block?
Unless you pay for Spectrum Cloudflare won’t proxy any VPN traffic unless it’s running on an HTTPS port and ‘pretending’ to be HTTPS traffic. If you do want them to proxy VPN stuff then that’s what the Spectrum service is.
I use cloud-flare to protect the server, not spam it.
Me too, works great. And it’s free! As I say - check the access you’re seeing form Cloudflare isn’t legit users being passed on by them. The actually Cloudflare ‘pings’ are essentially negligible.