If someone is using WARP (https://1.1.1.1/) to spam our services (not necessarily just web sites), what’s the best way to report that?
there’s https://abuse.cloudflare.com/general but with WARP there’s no origin IP to make a complaint about so how can we ensure the abusing party is stopped?
We’d prefer not to block cloudflare IPs.
Hi,
Thank you for reaching out to us. There is not a way to review historical data about IPs. Attackers abusing WARP unfortunately does happen from time to time. We constantly investigate reports of abuse via WARP and other sources and make improvements to mitigate abuse of WARP as much as possible.
If you want to be certain of your egress IPs, I would recommend dedicated egress for WARP:
To prevent similar attacks in the future, we would suggest deploying rate limiting:
That being said, would you mind submitting a ticket providing us with more information for further investigation regarding this?
Kindly,
thanks so much for replying.
while the rate limiting rules can be effective, they only apply to web apps while leaving other services out such as ssh, smtp, rdp, or even http/s running on non traditional ports.
the egress policy can be useful but only available on enterprise plans. we know that even the free zero trust plan can secure the services but that requires some integration with cloudflare and some companies may not want to get that deeply involved, for example creating tunnels, managing security on an additional platform, and having all users install and use warp.
at this time we haven’t had any identifiably serious abuse from warp, so the question was hypothetical. but as we block more and more avenues to reach our network while allowing warp through, it’s inevitable that we will experience some abuse.
good to know that cloudflare actively monitors and mitigates warp abuse. if and when we experience abuse via warp, what’s the best way to report it?
Hi,
Thank you for your reply. If you experience something like this just let us know by submitting a ticket and we’ll be glad to take a closer look at this.
Kindly
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.