This Tuesday we received a very large number of DNS requests against servers in my infrastructure, mostly from Cloudflare IPs. And open case in Cloudflare support but they sent me a standard response that has nothing to do with it. How can I ask them to review the topic?
Does your site use Cloudflare? If so, have you made sure you are restoring IP addresses? If you’re not, all requests will appear to come from Cloudflare.
I haven’t services contracted to Cloudflare. I received about 120 MB per minute of DNS queries from cloudfare IPs for 2 hours last Tuesday.
What’s the ticket number?
You should be able to reply back to the autoresponse to re-open the ticket.
Hi, the ticket is #2205525.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.
There are two circumstances where it might appear that Cloudflare is attacking your site.
- You’re a Cloudflare customer for your website(s). Since Cloudflare is a reverse proxy for our customers’ sites, Cloudflare IPs are going to show in your server logs until you install something on your server to restore original visitor IP, such as
ngx_http_realip_modulefor NGINX servers.
Solutions for seeing original visitor IP for Apache, NGINX, and other servers and applications are listed here: Restoring original visitor IPs – Cloudflare Help Center
- You’re getting attacks from Cloudflare’s IPs because they are being spoofed. Cloudflare does not send traffic over anything other than http:// (ports 80 and 443), so getting attacked by UDP requests means you are likely seeing a DNS amplification attack, see this article for more information.
If your situation does not fit any of the circumstances listed above, please contact support and we can provide solutions for handling an issue that looks like an attack from us.