I am using Cloudflare’s nameservers and no others. Even though Cloudflare’s DNS page indicates my site is being fully proxied, it behaves as though it is not doing so. Requests are coming through as though Cloudflare was acting ONLY as a nameserver.
At my host, all incoming requests show that they are from the visitor/client IP, NOT from Cloudflare IPs.
I do not understand what is happening. I have spent several full days looking at settings, reading documentation and going on endless searches for similar problems. I have found nothing. As a free client I don’t have access to any traffic logs that might help sort this out.
Thanks for any assistance you can provide. I am at wit’s end.
My site is txbiker.net, shared hosting on HostMetro. I joined Cloudflare because I was getting hit by DDoS attacks from China. Inserting Cloudflare in that loop did not work. In order to stop the attacks I modified my .htaccess file to deny all, except allowing only the Cloudflare IP list. That stopped the attacks, but also cut off my own access (since Cloudflare was not proxying). So I added back in my own ISP’s IPs so that I could see my site. Unfortunately, with proxying not working, nobody but me can see it. This did, however, stop the attacks.
Thank you for responding! No, the issue is not resolved.
DNS Checker was showing all good even before I posted about my problem. Cloudflare is acting as my DNS server, most definitely. But apparently it is NOT PROXYING anything. All visitors to my site show their source IP address in my server’s logs. I never see any of Cloudflare’s IP addresses show up. The lone exception is when Cloudflare’s SSL/TLS Recommender accessed my site; I saw that come up in the logs as expected.
You can try accessing my site, txbiker.net
If proxied then you will see the main page. If not proxied you will get a 403 error because it did not come from one of Cloudflare’s IPs in their published IP list.
The site is definitely proxied. You can see that in the response headers as well as the dashboard with the various analytics and security events. This info can only be captured if traffic is going through Cloudflare.
The issue here is with origin configuration, so it’s going to be difficult for us to troubleshoot.
It’s possible that your server might not be configured to log the correct headers that Cloudflare uses to forward the client IP, or the headers that contain the original client IP (like CF-Connecting-IP) might not be correctly interpreted or logged by your server.
Or it’s possible that Cloudflare IPs are not correctly allowlisted.
Well, I am flying blind in many ways. I have no way to see the response headers, and as a free user I don’t have any detailed analytics. On my shared web host I can see very little, just a basic log, and can control very little. So as to the response headers, I have no visibility. In the security events I do see that Cloudflare has been intercepting some bots, etc.
I understand that the host configuration may be the trouble. Other than .htaccess files, I have no control over configuration. After I received your last message I DID go into Cloudflare’s managed transforms configuration and disabled sending CF-Connecting-IP. My thought was that maybe that would change how my origin server is responding to requests. But no change; still not seeing Cloudflare IPs in the log, just original visitor IPs still. It seems that should have stopped my origin host from finding the visitor IPs. Still, maybe my host has some way that it is seeing visitor IPs instead of Cloudflare IPs. I will try to find out from HostMetro.
As for Cloudflare’s IPs, they are correctly listed in my .htaccess file. I double checked. In the file I have all of Cloudflare’s IPs from their official list, as well as the IPs of my home ISP and those of certain other ISPs. I have attached a copy of the file.
Thanks for your continuing help!! I will try to contact HostMetro and see if they have any explanation or remedy.
allow from 73.0.0.0/8
allow from 2601:2C0::/26
allow from 2600:1000::/28
allow from 2600:1010::/29
allow from 142.136.0.0/16
allow from 173.245.48.0/20
allow from 103.21.244.0/22
allow from 103.22.200.0/22
allow from 103.31.4.0/22
allow from 141.101.64.0/18
allow from 108.162.192.0/18
allow from 190.93.240.0/20
allow from 188.114.96.0/20
allow from 197.234.240.0/22
allow from 198.41.128.0/17
allow from 162.158.0.0/15
allow from 104.16.0.0/13
allow from 104.24.0.0/14
allow from 172.64.0.0/13
allow from 131.0.72.0/22
allow from 2400:cb00::/32
allow from 2606:4700::/32
allow from 2803:f800::/32
allow from 2405:b500::/32
allow from 2405:8100::/32
allow from 2a06:98c0::/29
allow from 2c0f:f248::/32
Thank you very much for the support you have given me. Using the information you provided and some tools available on the Internet, I have isolated the problem to the origin’s servers. I DO see everything being proxied by Cloudflare (thank you!). I also see that my web host (HostMetro) is looking ONLY at the “real IP address” of visitors to my site, and using that (not Cloudflare’s IP address) to compare with my .htaccess permissions and for logging. Hence I cannot selectively block those many Chinese DDoS sources who already have and use my origin’s IP address. I have asked HostMetro to change my IP address to stop the direct DDoS attacks. Unfortunately the new IP address could be exposed again, since I am powerless to actually limit access to just Cloudflare IPs.
HostMetro has no understanding of how proxies work, or they don’t understand that Cloudflare provides a proxy service. They believe that all Cloudflare does is filter DNS requests, not proxy them. I was unable to make any progress with their support person on the subject. So I will be changing web hosts soon.
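To make the failure mode in this thread concrete, here is an added example (not code from the original posts, Cloudflare or HostMetro) that models the origin’s allowlist decision in Python using the Cloudflare ranges from the .htaccess above; the peer and visitor addresses are constructed from documentation ranges and the two modes are assumptions about how the host orders header restoration and access control.

```python
import ipaddress
from typing import Dict, Tuple

# Cloudflare's published ranges exactly as they appear in the poster's .htaccess
# (the live list is at https://www.cloudflare.com/ips/; re-check before relying on it).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22", "2400:cb00::/32",
    "2606:4700::/32", "2803:f800::/32", "2405:b500::/32", "2405:8100::/32",
    "2a06:98c0::/29", "2c0f:f248::/32",
)]


def is_cloudflare(addr: str) -> bool:
    """True if addr falls inside one of Cloudflare's published ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CLOUDFLARE_RANGES)


def origin_decision(peer: str, headers: Dict[str, str],
                    restore_before_check: bool) -> Tuple[bool, str]:
    """Model the origin's allowlist decision for one request.

    peer    - address the TCP connection actually came from
    headers - request headers; CF-Connecting-IP carries the visitor address
              when Cloudflare proxied the request
    restore_before_check=False: compare the peer against Cloudflare's ranges,
        which is what the poster's 'allow from' list is meant to do.
    restore_before_check=True: substitute CF-Connecting-IP first and compare
        that, the host behaviour the poster found (only his own ISP range
        then survives the check, so every proxied visitor gets a 403).
    Returns (allowed, address the origin should log as the visitor).
    """
    visitor = headers.get("CF-Connecting-IP")
    # Honour the header only when the peer really is a Cloudflare edge;
    # a direct connection can carry any value in that header.
    trusted_visitor = visitor if (visitor and is_cloudflare(peer)) else peer
    checked = headers.get("CF-Connecting-IP", peer) if restore_before_check else peer
    return is_cloudflare(checked), trusted_visitor


# Constructed sample traffic (documentation ranges, not real visitors).
PROXIED = ("104.16.1.1", {"CF-Connecting-IP": "203.0.113.7"})  # via a Cloudflare edge
DIRECT = ("198.51.100.9", {})                                  # straight to the origin IP

if __name__ == "__main__":
    for mode in (False, True):
        for name, (peer, hdrs) in (("proxied", PROXIED), ("direct", DIRECT)):
            allowed, logged = origin_decision(peer, hdrs, mode)
            print(f"restore_before_check={mode} {name:8} allowed={allowed} logged={logged}")
```

With restore_before_check=False the proxied visitor passes and the direct connection is refused; with restore_before_check=True both are refused, which is exactly the "nobody but me can see it" outcome in the thread.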