My server keeps being overloaded and I think it’s because of an attack, I normally see many GET requests like the below at the time of the outage:
“GET /.git/objects/e8/3d0f5a8586ef37d33379b0398d5a7fd50939b6 HTTP/1.0” 404 21470
I’ve setup a firewall rule for URI contains /.git but it never blocks these requests. When I test trying to access the same URI I get blocked.
Is it possible they’re bypassing Cloudflare? I have no idea how to check.
The last time this happened I used an IP tracker site to track the IP, it said the source was Romania. I also have a Firewall rule to present a challenge for certain countries, which includes Romania. But this IP didn’t trigger that rule. I also have Rate limiting enabled, 70 requests in 10 seconds - which this IP’s requests should have triggered - but it doesn’t. I’m at a loss as to why these requests get through.
The A and CNAME records for this site are proxied.
Any help appreciated!