What is the name of the domain?
hqworkspace.io
What is the issue you’re encountering
I tried blocking an IP through both IP access rule and custom rule filtering on a managed list of suspicious IPs. However, I still receive requests’ logs on my servers from this IP. How can I actually block this IP ? it is not normal to not be able to setup easily such a thing with Cloudflare, and worst making me believe the protection is implemented when it is not !
What steps have you taken to resolve the issue?
I get fraudulent requests from the IP address 193.41.206.98, among others.
I tried two ways to block this IP address :
- IP access rule for this IP address.
- Custom rule where this IP is included in a managed list of suspicious IPs to block.
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full
That hostname is not using Cloudflare proxy so firewall or other rules will not apply.
1 Like
What do you mean the hostname is not proxied ?
On the “Security” analytics graph, I can see some events mitigated by Cloudflare WAF. If the hostname was not proxied, I should not be able to see such information right ?
If mean hqworkspace.io resolves to 2 Amazon IP addresses when queried. If the DNS record for that hostname were proxied it would resolve to Cloudflare IP addresses.
I have no idea what that screenshot represents or what other hostnames may exist on your account. If you want requests to the hostname you asked to be subject to a WAF rule, the record needs to be proxied in DNS and the server itself needs to be configured to only accept connections from Cloudflare’s edge IPs so that someone can’t simply connect to the origin directly bypassing Cloudflare.
Ok, the 2 IPs you’re talking about are actually our website hosted on Webflow. These are voluntarily not proxied through Cloudflare.
However, our servers are proxied through Cloudflare on subdomains of hqworkspace.io.
The custom rule which is seemingly not triggered :
