I have a bot problem that I’m working on solving. I currently use a combination of Cloudflare business + WAF rules + Bot Fight Mode + page rules where I enable IUAM for certain pages. With all that, bots still break through.
So I’ve recently implemented a next layer where I exam the incoming IP using a service like ip-api.com.
So far it’s worked fairly well however it is flagging Cloudflare IP addresses (AS1333) as being a proxy. An example IP is
My question is: Why would I be getting incoming traffic from Cloudflare IPs? Before I blocked these I want to make sure I’m not missing some Cloudflare service, etc. The description from ip-api.com says “Cloudflare WARP” … not sure if that is end users masking or hiding themselves perhaps?
Interesting and very concerning … thank you @sdayman .
Another question is if these IPs aren’t listed on the official pages, then why do they seem to be registered to Cloudflare when you do a whois lookup against any of these IPs? It’s confusing and concerning, but it seems it’s good that I can block them.