How can we detect a client's identity server-side when they use Cloudflare WARP?

Our server is under a DDoS attack, and many IPs are from Cloudflare WARP, e.g. 2a09:bac5:55f2:1028::19c:5f. The attacker uses a large number of IPs and changes them very often. We applied a rate limit based on the client’s IP, but it didn’t work as expected. How could we determine the client’s identity (IP or some other information) hidden behind Cloudflare WARP?

P.S.: Our site is using the Cloudflare DNS service.

I searched on Cloudflare, but it seems they completely hide the client’s real IP as a new policy.

If Cloudflare is launching a DDoS through Warp you should post data here to be escalated, contact Abuse approach - Cloudflare or open a support ticket. If there is no reasonable response, try Twitter.

Like any ISP, Warp is a consumer network. Block it if the provider can’t keep it in check.


Unfortunately, some of our users also use WARP to connect, so blocking the attack means blocking real users.

