Hi, I don’t have the knowledge to understand what’s going on.
'and just now learned a new term: “iCloud Private Relay” – Hmmmmm

What’s been happening?:
Been a busy day for my site for certain specific local event listings. Okay, that’s great!
IP sets include the following: 104.28.55.0 & 104.28.57.0

I check ARIN and they show as coming from Cloudflare?

One stat source of mine shows them as coming from Bermuda.

Then, through another stat source following the same traffic they show as ‘iCloud Private Relay’ ( which I gather is some way of cloaking oneself (as in VPN I guess?) )

Thing is, I’ve tried challenging and even blocking these using 104.28.55.0/24 and 104.28.57.0/24 but I get nowhere.

Is that these are the IPs being used to cloak them? or what?

Please someone help me understand this.

thanks

Do you have your domain on Cloudflare? If so, then seeing those IPs means that someone accessed your site via Cloudflare.

Thanks for your input.

Soooo, As opposed to the 6,000 others today who don’t show the same weirdness?

I don’t understand the difference. Don’t all of them come to my site via Cloudflare?

or am I terribly misunderstanding how things work?

'and sorry, I realized immediately after my original post that I wasn’t completely clear.
Wasn’t able to edit it and forgot to add a note thereafter.

These odd visits amount to a large number. More than 1/5 of the day’s total visits.
That’s over 1,400 coming from a pair of IPs that’s out of the total norm. Or from a specific nation, for that matter, which barely ever visits my site to begin with.

Thus the concern.

I was indeed expecting a great deal of traffic today, but not weirdness like this.

It depends on your set-up, if your DNS records are then it is highly likely that they are coming through Cloudflare.

If these are Cloudflare IPs that they are coming from, I wouldn’t worry. 1) All the requests were screened by Cloudflare. 2) It could mean that something happened with routing, causing everything to go through those IPs

For whatever reason, one stat source had them all listed as coming from Bermuda. If it weren’t for that then I’d have never noticed the repeating IPs.

Just came across a Cloudflare post on this subject and how they’re working with Apple on this to some extent. (Titled: “iCloud Private Relay: information for Cloudflare customers”)

So I should rest assured that these IPs are not coming from the same malicious source?

If they are coming through iCloud Private Relay, then it just means they are using Cloudflare as a VPN.

This is safe to assume.

Thank you kindly for your help.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.