Someone’s deleting posts on my site via web services
Ex
162.xxx.255.xxx - - [09/Nov/2019:18:29:18 +0000] "GET deletePostimage/195/92
how do I even find out who this is if their IP is protected by Cloudflare? (I added real IP to nginx just minutes ago)
RealIP should do it, as all requests coming through Cloudflare include visitor IP addresses in the request header. And once you get that, you can use Firewall Rules to block those requests.
Thanks
So I just have to wait 'til he strikes again. Cloudflare will not give me his real IP unless I have enterprise. Am I correct?
Correct. Your current logs don’t have the visitor IP address, and Cloudflare has no logs unless you’re on Enterprise.