Malicious Cloudflare IP accesses my protected sites

So I set a firewall rule in CF: http.host eq "admin.mysite.com" and ip.src ne XX.XX.XX.XX, action block.
So people who aren’t xx.xx.xx.xx can’t access my site.
But a malicious CF IP can access my site without being blocked by the CF firewall, though it is blocked by the nginx I use.

2022/02/02 12:51:38 [error] 373128#373128: *552712 access forbidden by rule, client: 172.69.31.207, server: admin.mysite.com, request: "GET / HTTP/1.1", host: "YY.YY.YY.YY"

How can 172.69.31.207 access my site? When I check, it’s a CF IP, so why didn’t it get blocked by the firewall?
And how can I prevent this?

It sounds like your server isn’t restoring visitor IP addresses, so you’re not getting the actual IP address of the malicious request.

https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

2 Likes
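
The setup the reply above points to, as an added example that is not part of the thread or of Cloudflare's article: nginx's realip module replaces the connecting Cloudflare address with the one carried in the CF-Connecting-IP header, so the `client:` field in the log and any allow/deny rules see the visitor instead of the proxy. The listen port and the allow/deny block are assumptions; XX.XX.XX.XX is the poster's own placeholder.

```nginx
# Added example, not from the thread. Place in the http {} context;
# needs nginx built with ngx_http_realip_module.

# Trust the forwarded-address header only when the TCP peer is a Cloudflare
# proxy. 172.64.0.0/13 covers the 172.69.31.207 seen in the log line above;
# add the remaining IPv4 and IPv6 ranges from https://www.cloudflare.com/ips/
set_real_ip_from 172.64.0.0/13;

# Cloudflare puts the original visitor address in this request header.
real_ip_header CF-Connecting-IP;

server {
    listen 80;                      # assumption: port not stated in the thread
    server_name admin.mysite.com;

    # Access rules run after realip, so they match the restored visitor
    # address, not the Cloudflare edge address.
    allow XX.XX.XX.XX;              # placeholder from the post: the permitted IP
    deny  all;
}
```

Requests arriving from addresses outside the `set_real_ip_from` ranges keep their TCP source address, so a CF-Connecting-IP header sent directly to the origin is ignored.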

You should activate the SSL/TLS security setting at High (if you’re not sure that you are under attack!) HOWEVER, if you are absolutely certain that you are under a DDoS (Distributed Denial of Service) attack, activate IUAM (I’m Under Attack Mode)!
