Cloudflare is not blocking obvious malicious traffic.
If I request my website with an obvious proxy IP which is on any blacklist I get a normal response.
Even on “high” Security Level. Even if I am doing something obviously malicious with the IP like reloading the website at an unnatural high rate.
So basically Cloudflare is not giving me any protection at all.
I am not sure but this is not a normal behaviour, right?
Browser Integrity Check does also not work. I can set any weird User Agent on any weird IP and it still get passed.
I can tell by my Analytics screen’s Security tab that Cloudflare is blocking some malicious traffic from my website.
As customers, we’re not privy to how their firewall works, but it sounds like what you’re doing isn’t really malicious. If you want more detailed feedback, you would have to open a Support Ticket: Login to Cloudflare and then contact Cloudflare Support
Out of curiosity, what makes an IP “weird”? If you can connect with it to the server, then it is a valid IP, there’s nothing weird about it. If it’s not a valid IP, your TCP connection will never complete.
It is perfectly legal to use proxies to use the Internet (well, in most of the world…), and using one does not necessarily say one is trying to abuse. Granted, if it’s a public proxy, it may attract more abuse, and Cloudflare’s anomalies detection may be more sensitive to what’s coming from there, but if they can filter at the client level that your behavior is something they consider good/not abusive (and they can, there’s a CF cookie that I imagine they use just for that - to keep reputation per client session, despite IP) - they may even let you pass from the proxy IP, and block someone else.
My opinion, of course. As in “how would I have designed it, if I were to build a Cloudflare-like service”. I do not work for Cloudflare.
Well, one may wonder if attack from a single IP is considered Distributed Denial of Service. DoS yes, DDoS, less so. In fact, I would expect that rate limiting of single IPs is maybe something you’ll want to configure in your server…
I don’t know if Cloudflare can detect that those requests are in fact the cause for your server going down. They’re probably chasing common patterns, and maybe that one doesn’t fall under it. Especially if it’s unique to your site and your design. i.e. your app could do something smart before allowing many requests to break it, e.g. by using your own one-time tokens for very sensitive operations. By the way, Cloudflare does have an option to force a CAPTCHA, for example, on such sensitive URLs, through Firewall rules.