Traffic from suspicious IP address

I have a very strange case with one of my domains. I have a proxied record to one of my origin servers and I have a firewall on it to only accept traffic from Cloudflare. However, some of the requests I make don’t go through(most of them). Upon further inspection I found that these requests don’t reach my server from a Cloudflare IP but from another IP that I’ve never seen (belongs to a server in A2 hosting).

So the flow looks like this:

  1. I connect to my hostname
  2. I can see that I’m hitting a Cloudflare IP address
  3. … (I have no idea what exactly Cloudflare is doing behind the scenes)
  4. A non-Cloudflare IP sends the request to my server and gets rejected

Other than Cloudflare being hacked, I can’t think of another explanation.

Any help would be appreciated. Cloudflare’s support doesn’t answer unfortunately.

Are those requests going directly to the A2 hosting IP and not on the HTTP layer? :thinking:
Is everything locked-up at the origin host/server and only Cloudflare allowed?
What kind of the SSL/TLS option are you using at the SSL tab of Cloudflare dashboard for your domain name?

Have you tried writing to the A2 hosting about this?

See the related article here:

Cloudflare IPs:

I doubt :thinking:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.