Hi,
My IP address has been hitting the challenge site since a few days ago on all websites protected by Cloudflare. How can I find out why Cloudflare thinks I’m suspicious and what can I do to fix this if I’m not Cloudflare’s customer?
I checked several “IP reputation registers” and can’t find anything. Is Cloudflare using any of them?
A partner company which has affected services shared some of their firewall logs:
{
  "action": "block",
  "botScore": 12,
  "botScoreSrcName": "Machine Learning",
  "ja3Hash": "",
  (…),
  "rayName": "80679e84237434bc",
  "ruleId": "l7ddos",
  "rulesetId": "",
  "source": "l7ddos",
  "userAgent": "nginx-ssl early hints",
  "wafMlAttackScore": 100,
  "wafMlSqliAttackScore": 100,
  "wafMlXssAttackScore": 100,
  "wafRceAttackScore": 100,
  "matchIndex": 0,
  "metadata": [
    {
      "key": "dos-source",
      "value": "dosd-global"
    }
  ],
  "sampleInterval": 215
}
How can we dig deeper to find out what is tripping the rule, or on which blocklist did we land?