Highest level of security + few rules enabled, but there is still plenty of same malicious traffic

shakitko · April 6, 2020, 11:00am

Hi community and experts, your advice is highly appreciated.

I’ve enabled ‘under attack mode’, plus created few firewall rules based on user agent with the CHALLENGE (captcha) action. From what I see in my access logs (and google analytics) - there is still traffic accessing the site. In the access logs I don’t see CF token in the URI by the way.

I am thinking, there are ways to bypass CF (in example manually set-up NS) right… But how can I improve the situation and ensure everything goes through CF?

Relates to the previous topic: How to understand and tweak rules based on captcha success rate

shakitko · April 6, 2020, 12:16pm

I am reading this now… CloudFlair: Bypassing Cloudflare using Internet-wide scan data - Christophe Tafani-Dereeper

shakitko · April 8, 2020, 1:51pm

I understand that some of the traffic is bypassing Cloudflare… Though, I tried to implement iptables way of allowing connections only from ipv4 and ipv6 ranges… But it didn’t help - in fact I locked out all traffic.
Really strange.

So the issue is still relevant.

system · May 6, 2020, 11:00am

This topic was automatically closed after 30 days. New replies are no longer allowed.

Topic		Replies	Views
It's possible to bypass Cloudflare? General	18	15137	January 25, 2020
Cloudflare not stopping DDOS Attacks Security	6	5923	September 30, 2020
Bot /scraper attack bypassing (Under attack mode) Security	3	1616	October 1, 2023
Firewall being bypassed (Captcha, JS Challenge, Block) Security	9	7494	March 30, 2020
CloudFlare Bypassed? Security	3	2438	December 2, 2019

Highest level of security + few rules enabled, but there is still plenty of same malicious traffic

Related topics