Highest level of security + few rules enabled, but there is still plenty of same malicious traffic

Hi community and experts, your advice is highly appreciated.

I’ve enabled ‘under attack mode’, plus created few firewall rules based on user agent with the CHALLENGE (captcha) action. From what I see in my access logs (and google analytics) - there is still traffic accessing the site. In the access logs I don’t see CF token in the URI by the way.

I am thinking, there are ways to bypass CF (in example manually set-up NS) right… But how can I improve the situation and ensure everything goes through CF?

Relates to the previous topic: How to understand and tweak rules based on captcha success rate

I am reading this now… https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/

I understand that some of the traffic is bypassing Cloudflare… Though, I tried to implement iptables way of allowing connections only from ipv4 and ipv6 ranges… But it didn’t help - in fact I locked out all traffic.
Really strange.

So the issue is still relevant.

This topic was automatically closed after 30 days. New replies are no longer allowed.