Recently, I was hit hard with a DDoS and all the requests seemed to bypass Cloudflare somehow.
Looking at the logs, it was all HTTP traffic. That should not be possible because I have HTTPS redirection enabled in CF settings. Also, all the traffic was from CF IP addresses.
Looks like it’s somehow possible to bypass the HTTPS recirect and get HTTP traffic into origin.
Also, I do have rules to block non-CF traffic so it was indeed some sort of bypass. Or maybe a spoof?
Anyone else experienced this and know how to mitigate this issue in the future?