I've blocked IP's, but some ot them still getting to my site

Hi! I’ve created rule wich block range of ip’s, but some of them still getting to my site.
My analitics system tracked one of this hosts http://joxi.ru/Q2KkkbQHvd8zN2
Here is my rule


Could Cloudfare rulres skip some of hosts?

Silly question perhaps, but have you denied direct access to the website from outside of Cloudflare?

Everyone exept those ip ranges can get access to my site.

What I mean is, have you denied direct access to your website from anything but Cloudflare’s IP ranges?

If I happen to know the IP address of your server/website (which is fairly trivial to find out in most cases) then I could connect to your website without going through Cloudflare, hence any rules you have setup there would not work. In that instance you have to deny connections to your website that attempt to connect directly.

No, I didn’t do that, just replace my old nameservers to Cloudfare’s. Should I change my site’s ip on Cloudfare’s?

I put this code to htaccess and nobody can get site
Order Deny,Allow
Deny from all
Allow from 173.245.48.0/20
Allow from 103.21.244.0/22
Allow from 103.22.200.0/22
Allow from 103.31.4.0/22
Allow from 141.101.64.0/18
Allow from 108.162.192.0/18
Allow from 190.93.240.0/20
Allow from 188.114.96.0/20
Allow from 197.234.240.0/22
Allow from 198.41.128.0/17
Allow from 162.158.0.0/15
Allow from 104.16.0.0/12
Allow from 172.64.0.0/13
Allow from 131.0.72.0/22
Hot to allow only cloudflare ip’s?

On your server, do you have an Apache module in place which re-writes Cloudflare’s IP as the user’s IP for logging purposes? In other words, if you look in your Apache access logs, do you see Cloudflare’s IP addresses or the end IP addresses of your visitors?

If you see the end visitor’s IP address then your htaccess file configuration won’t work, because the user’s IP address is already re-instated by that time. You would need to block access to your server’s IP address on port 80 and port 443 for any IP address other than Cloudflare’s. This would then happen before the request reaches Apache. This is also assuming you don’t have any other websites on that server utilising the same IP address and not using Cloudflare.

Thank you for helping! I’m using usual web-hosting. Different sites located on same ip and i have no rules to configure this server. Seems cloudflare wouldn’t help me.

By the way there is direct visitors ip’s and cloudflare’s in my logs.