My webhost is concerned about hundreds of thousands of requests daily

What is the name of the domain?

What is the error number?

none

What is the issue you’re encountering?

My website is receiving hundreds of thousands of requests primarily related to images

What steps have you taken to resolve the issue?

I’ve moved images to a service that has them on a CDN. The problem is not there.

According to your website access log, at this time there were 384,865 requests to images for the last 24 hours and this number continues to grow.

Here is a list of IP addresses with the most connections to your website for the last 24 hours:

#######
5087 140.248.0.1
5153 146.75.232.0
5173 146.75.232.1
5237 140.248.0.0
5395 146.75.164.0
5429 146.75.164.1
5444 146.75.222.0
5528 146.75.222.1
8957 146.75.252.0
9223 146.75.252.1
#######

As you can see, most of the IP addresses are related to the same range “146.75.*”.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

Given that those IPs all appear to be from AS54113 Fastly, which is part of the iCloud Private Relay, i.e. a VPN, it’s probably script kiddies.

See: 146.75.252.0 ( Fastly, Inc. ) Fraud Risk

Options using Cloudflare tools would be:

  1. Block AS54113
  2. Rate limit AS54113

Personally I would go with option 1, as we (just to be clear: I am just a user & customer, nothing to do with Cloudflare itself) block all VPNs and proxies, but you may want to start with option 2.

2 Likes

Thanks for responding. I appreciate it.

Where on the dashboard do I find the options?

Security / WAF / Tools - IP Access Rules

add ASN AS54113 - this blocks the entire ASN

and

Security / WAF / Rate limiting rules, create rule

URI Path contains * - any path on your site 
or
URI Path contains *.jpg - or whatever your standard image format is, or the folder where you store your images if you use multiple formats and want to just use one rule

Same IP

25 requests in 10 seconds
Block 10 seconds

You may need to check that legitimate users don’t get blocked by the rate limiting rule and play about with the number of requests.

Blocking the ASN is easier, but you also block legitimate users, if any, from that ASN, but you could unblock it later or change to a challenge type as appropriate.

1 Like
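One way to check a rate limiting rule against legitimate traffic before enabling it is to replay the origin access log through the same numbers. The script below is an added example, not part of the thread and not Cloudflare's own counting logic: it assumes combined-format log lines, approximates the rule with a per-IP sliding window, and uses constructed sample lines with documentation IP addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3}')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def simulate(lines, path_contains=".jpg", limit=25, period=10, block=10):
    """Replay access-log lines through a per-IP sliding-window rate limit.
    Returns {ip: {"matched": n, "blocked": n, "triggers": n}}."""
    recent = defaultdict(deque)   # ip -> timestamps of allowed requests in the window
    blocked_until = {}            # ip -> time at which the block expires
    stats = defaultdict(lambda: {"matched": 0, "blocked": 0, "triggers": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or path_contains not in m.group(3):
            continue              # unparsable line, or path outside the rule
        ip, ts = m.group(1), datetime.strptime(m.group(2), TS_FMT)
        s = stats[ip]
        s["matched"] += 1
        if ip in blocked_until and ts < blocked_until[ip]:
            s["blocked"] += 1     # still inside the mitigation period
            continue
        win = recent[ip]
        while win and (ts - win[0]).total_seconds() >= period:
            win.popleft()         # drop requests older than the counting period
        win.append(ts)
        if len(win) > limit:      # the request that exceeds the limit is blocked
            blocked_until[ip] = ts + timedelta(seconds=block)
            s["triggers"] += 1
            s["blocked"] += 1
            win.clear()
    return dict(stats)

def sample_log():
    """Constructed sample: one bursty client and one ordinary gallery page view."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    rows = [(base + timedelta(seconds=i // 5), "203.0.113.7", f"/img/{i}.jpg") for i in range(60)]
    rows += [(base + timedelta(seconds=1), "198.51.100.9", f"/gallery/{i}.jpg") for i in range(12)]
    rows.append((base, "198.51.100.9", "/index.html"))
    rows.sort(key=lambda r: r[0])
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {p} HTTP/1.1" 200 512' for ts, ip, p in rows]

if __name__ == "__main__":
    for ip, s in simulate(sample_log()).items():
        print(ip, s)
```

Running it again with a lower `limit` (for example 10) shows the gallery visitor starting to get blocked, which is the false-positive case to tune against.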