Getting many hits from Cloudflare, no trace in analytics

What is the name of the domain?

services.kit19.com

What is the issue you’re encountering

Getting 28000+ hits from Cloudflare IP in IIS while Cloudflare traffic analytics don't show a single hit on the same endpoint

What steps have you taken to resolve the issue?

I have seen a strange thing today. My clients complained of application slowness. On looking at the IIS logs of my API project, I could find 28000+ hits on a particular endpoint (services.kit19.com/Partner/GetDomainInfo) between 1 PM and 1:10 PM IST. All of these were from 2 IP addresses. On digging further, I got to know these are Cloudflare's IPs. However, since so many hits on this endpoint, which is usually not used much, looked suspicious, I applied the filter for this endpoint in Cloudflare analytics, but amazingly it did not show a single hit. What is happening?

What feature, service or problem is this related to?

Web Analytics

As the subdomain is behind Cloudflare’s proxy, your origin server is going to see all requests as coming from Cloudflare’s Proxy IPs, unless you restore the originating IPs: https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/

This is also why your WAF rule is not getting any hits, as those Cloudflare IPs you’re targeting aren’t the ones originating the requests.

Check your Security Analytics for the zone in question to see the original IPs and target these IPs/ASNs in your WAF rule: https://dash.cloudflare.com/?to=/:account/:zone/security/events

Good luck!
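An added example, not code from this thread or from Cloudflare: once the origin records the visitor address, the hits on an endpoint can be regrouped by real client instead of by proxy IP. It assumes IIS has a custom logging field named `CF-Connecting-IP` (the field name, the sample log and the function names are assumptions), and it trusts that header only when the connecting peer is inside a Cloudflare range, since a client that reaches the origin directly can set the header to anything.

```python
import ipaddress
from collections import Counter

# Subset of Cloudflare's published proxy ranges; refresh from https://www.cloudflare.com/ips/
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15")]

# Constructed sample log; the last column is the assumed custom field, all values are made up.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status CF-Connecting-IP
2024-01-01 07:30:01 GET /Partner/GetDomainInfo 172.68.10.5 200 203.0.113.7
2024-01-01 07:30:02 GET /Partner/GetDomainInfo 162.158.1.1 200 203.0.113.7
2024-01-01 07:30:02 GET /Partner/GetDomainInfo 162.158.1.1 200 198.51.100.9
2024-01-01 07:30:03 GET /Partner/GetDomainInfo 192.0.2.50 200 203.0.113.7
2024-01-01 07:30:03 GET /Other 172.68.10.5 200 198.51.100.9
"""

def is_cloudflare(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def visitor_ip(row, header_field="CF-Connecting-IP"):
    """Use the header only when the TCP peer (c-ip) really is Cloudflare."""
    peer, claimed = row["c-ip"], row.get(header_field, "-")
    if claimed != "-" and is_cloudflare(peer):
        try:
            return str(ipaddress.ip_address(claimed))
        except ValueError:
            pass  # malformed header value: fall back to the peer address
    return peer

def hits_by_visitor(text, uri_stem):
    """Count requests to one endpoint per resolved visitor address."""
    counts = Counter()
    for row in parse_w3c(text):
        if row["cs-uri-stem"].lower() == uri_stem.lower():
            counts[visitor_ip(row)] += 1
    return counts
```

Calling `hits_by_visitor(SAMPLE_LOG, "/Partner/GetDomainInfo").most_common()` lists the heaviest callers first; a row whose `c-ip` is outside the Cloudflare ranges is counted under its own address and indicates traffic that reached the origin without passing through the proxy.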
