My site is being ddosed. I have cloudflare pro, all traffic going straight to origin server and site is going down. Help?

Title says it all. I’ve got cloudflare pro with all the setting enabled and these ddos attacks are shutting my site down and cloudflare isn’t serving hardly any cached content

Anybody have experience with this?

So I’m checking this out and apparently my site is allowing non-CF IPs, which is indicative that they’re reaching my origin server.

How tf do I fix this? All my dns settings are covered

I tried creating some .htaccess rules to only allow cloudflare ips.

However upon saving the file, when I try to visit my site, I get a 403 forbidden.

Does anybody have a solution?

Still searching for a solution, any advice would be appreciated

Hi @lofizone, this is a great thread, Only allow connections from whitelisted IPs?, note the conversation around this link for other options, https://support.cloudflare.com/hc/en-us/articles/115001595131-How-do-I-Lockdown-URLs-in-Cloudflare-.

1 Like

Thanks for the response. As stated above, I have tried blocking all IPs except for cloudflare IPs on my origin server and I am met with a 403 forbidden message.

Doesn’t cloudflare turn visitor IPs into cloudflare IPs that are sent to the origin server? Because according to my server logs I am seeing loads of non-cloudflare IPs.

cloudflare is the middle man only. when you got client IP, are you getting from HTTP headers or from the REMOTE_IP ?