Hacker bypassing Cloudflare by making http requests to mail subdomain

What is the name of the domain?

lewisimages com

What is the error number?

none

What is the error message?

none

What is the issue you’re encountering

An Australian hacker is making HTTP requests to the mail subdomain, which bypass Cloudflare completely but end up redirected to www.

What steps have you taken to resolve the issue?

Tried to set up a country rule but it doesn’t work because they are targeting the mail subdomain which isn’t proxied.

What feature, service or problem is this related to?

Mail records

What are the steps to reproduce the issue?

In a browser, enter http://mail.lewisimages com and you end up at www.lewisimages com

Make sure your origin web server only allows connections from the Cloudflare proxy by setting your firewall to allow connections to ports 80 and 443 only from these IP addresses…

$ curl http://mail.lewisimages.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://mail.lewisimages.com/403.shtml">here</a>.</p>

Maybe you have changed something since your post, but if I visit the address you gave, it redirects to an (https) error page, but not to www.lewisimages.com.

What exactly is the problem?

We restricted the incoming IPs to the list of Cloudflare IPs provided.
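
The origin allowlist discussed in the replies above, sketched as an added example that is not part of the original thread: it validates a list of proxy ranges and emits iptables/ip6tables rules that accept ports 80 and 443 only from those ranges. The ranges are constructed placeholders (documentation prefixes), and the function names are hypothetical.

```python
import ipaddress

PORTS = "80,443"  # the two ports named in the reply above

# Constructed sample input: documentation ranges (RFC 5737 / RFC 3849) stand in
# for the proxy's published ranges, which this thread does not list.
SAMPLE_RANGES = """
# placeholder proxy ranges
192.0.2.0/24
198.51.100.0/24
2001:db8::/32
"""

def parse_ranges(text):
    """Return validated networks; reject malformed or catch-all entries."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)  # host bits set -> error
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        if net.prefixlen == 0:
            raise ValueError(f"line {lineno}: {entry} would allow every source")
        nets.append(net)
    if not nets:
        raise ValueError("no ranges given; refusing to emit a drop-only ruleset")
    return nets

def build_rules(nets):
    """Emit append-mode rules: allow listed sources on PORTS, then drop the rest."""
    tool = {4: "iptables", 6: "ip6tables"}
    match = f"-A INPUT -p tcp -m multiport --dports {PORTS}"
    rules = [f"{tool[n.version]} {match} -s {n} -j ACCEPT" for n in nets]
    # Default deny for both address families, even if no IPv6 range was listed.
    rules += [f"{t} {match} -j DROP" for t in tool.values()]
    return rules

def is_allowed(src, nets):
    """Model the filter: the source address decides, not the hostname requested."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in nets)

if __name__ == "__main__":
    nets = parse_ranges(SAMPLE_RANGES)
    print("\n".join(build_rules(nets)))
    print(is_allowed("203.0.113.7", nets))  # constructed direct client, not a proxy
```

Because the rules are appended with `-A`, any broader ACCEPT rule for these ports already earlier in the INPUT chain still matches first and has to be removed for the allowlist to take effect.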