How to WAF block a CGNAT IP

What is the name of the domain?

example.com

What is the issue you’re encountering

whatismyip.com reports 1.146.126.82. Cloudflare will not WAF block that IP.

May I ask if your domain is using correct Cloudflare nameservers assigned to your Cloudflare account?

Are your DNS records proxied (orange cloud)?

Could you share a screenshot of your custom WAF rule?
Any other security settings configured, enabled or allowed at Cloudflare dashboard?
May I ask if the particular WAF rule is the 1st from above on the Custom WAF Rules list?

Sorry. Clicked send a bit quick.

Yes, DNS is proxied and has been working for several years. First WAF > Tools rule.
We have been blocking etc. extensively with Cloudflare for several years.
Have just noticed these CGNAT IPs that Cloudflare will not block. We are, of course, assuming they are CGNAT, but they certainly seem like it. Telstra mobile 1.146.72.143.

Pretty simple WAF > Tools > IP block, first in the list.
We also notice that when Cloudflare sends us traffic, we do not see these CGNAT IPs in CF-Connecting-IP; instead we get reserved IPs such as 254.209.70.214.

(Australia)
A simple test is to use an NBN-type provider such as AussieBroadband…

CF-Connecting-IP is received at our web servers as the same IP.
Block that IP at the Cloudflare WAF.
Traffic is blocked at Cloudflare.

Use Telstra mobile internet (either cell phone or 5G modem) and check the IP address with whatismyip.com; we see the 1.146.72.143 range addresses… (correctly identified as Telstra etc.)
CF-Connecting-IP is received as 254.209.70.214.
Add a WAF block at Cloudflare… for either that reserved IP 254.209.70.214 or the 1.146.72.143 and traffic is not blocked.

How do we block specific visitors from such IPs? It seems Cloudflare refuses to block them.

This looks like you have activated the Pseudo IPv4 function in Cloudflare.

This would mean that the initial connection was made via IPv6, so your IPv4 block wouldn’t have any effect.
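
An added example (not from the thread or from Cloudflare) showing how an origin can tell that CF-Connecting-IP holds a Pseudo IPv4 address and recover the IPv6 address to block instead. It assumes Pseudo IPv4 is in "Overwrite headers" mode, where Cloudflare keeps the real address in the CF-Connecting-IPv6 header; the function name, the sample requests and the choice to block the enclosing /64 are assumptions.

```python
import ipaddress

# Pseudo IPv4 addresses come from the reserved Class E range, which is why
# the origin sees values like 254.209.70.214 that no real visitor can own.
PSEUDO_IPV4_NET = ipaddress.ip_network("240.0.0.0/4")

def block_target(headers):
    """Return (kind, value) naming what a block rule should match for this request."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    seen = ipaddress.ip_address(h["cf-connecting-ip"])
    if seen.version == 4 and seen in PSEUDO_IPV4_NET:
        real = h.get("cf-connecting-ipv6")
        if real is None:
            # Pseudo address but no IPv6 header: nothing usable to block on.
            return ("pseudo-ipv4-no-ipv6-header", str(seen))
        v6 = ipaddress.ip_address(real)
        # Assumption: match the enclosing /64, since a single IPv6 address
        # is easy for a client to rotate within its own prefix.
        net = ipaddress.ip_network(f"{v6}/64", strict=False)
        return ("ipv6", str(net))
    return ("ipv4" if seen.version == 4 else "ipv6", str(seen))

# Constructed sample requests. 254.209.70.214 is the value quoted in the thread;
# the IPv6 and fixed-line IPv4 addresses are documentation-range placeholders.
MOBILE = {"CF-Connecting-IP": "254.209.70.214",
          "CF-Connecting-IPv6": "2001:db8:1234:5678:abcd:ef01:2345:6789"}
FIXED = {"CF-Connecting-IP": "203.0.113.10"}
NO_V6 = {"cf-connecting-ip": "254.209.70.214"}

if __name__ == "__main__":
    for name, req in (("mobile", MOBILE), ("fixed", FIXED), ("no-v6", NO_V6)):
        print(name, block_target(req))
```
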
