So I set firewall in CF to
http.host eq "admin.mysite.com" and ip.src ne XX.XX.XX.XX block
So people who aren’t xx.xx.xx.xx can’t access my site
But malicious CF IP can access my site without being blocked by CF firewall, but blocked by nginx I use.
2022/02/02 12:51:38 [error] 373128#373128: *552712 access forbidden by rule, client: 126.96.36.199, server: admin.mysite.com, request: "GET / HTTP/1.1", host: "YY.YY.YY.YY"
How can 188.8.131.52 access my site? If I check it’s CF IP, but why it didn’t get blocked by firewall?
And how to prevent this?
It sounds like your server isn’t restoring visitor IP addresses, so you’re not getting the actual IP address of the malicious request.
You should activate SSL/TLS security setting to High (if you’re not sure that you are under attack!) HOWEVER, if you are absolutely certain that you are under a DDOS (Distributed Denial Of Service) attack, activate IUAM (I’m Under Attack Mode)!
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.