IP bypass the CF protection

Hi this ( 137.117.64.137 ) IP bypass the Cloudflare protection its even not showing on in CF events but it crawl 10k pages of my website.

How to stop this ??

I am using PRO website plan on CF but if someone can still bypass CF protection then what is the use of using CF.

I got the detail of this IP its showing Microsoft Corporation but its not link with bing bot as I checked on bing webmaster tool.

ip: “137.117.64.137”

city: “Hampden Sydney”

region: “Virginia”

country: “US”

loc: “37.3058,-78.5462”

postal: “23960”

timezone: “America/New_York”

asn: Object

asn: “AS8075”

name: “Microsoft Corporation”

domain: “microsoft.com”

route: “137.116.0.0/15”

type: “business”

company: Object

name: “Microsoft Corp”

domain: “microsoft.com”

type: “hosting”

privacy: Object

vpn: false

proxy: false

tor: false

hosting: true

abuse: Object

address: “US, WA, Redmond, One Microsoft Way, 98052”

country: “US”

email: “[email protected]”

name: “Microsoft Abuse Contact”

network: “137.117.0.0/16”

phone: “+1-425-882-8080”

Create a firewall rule to js challenge anything from 137.116.0.0/15

Already block the ASN but this IP bypass the CF not even showing in CF events and crawling the data.

They are probably connecting directly to your origin server then

Is there any setting in CF to prevent direct origin server connection.

I don’t think so, it’s up to you to configure your firewall/WAF on your origin server

You may wish to set your origin server to only allow http/https traffic from Cloudflare’s IPs to avoid other third parties bypassing Cloudflare.