Users using CloudFlare IPs?


Just a quick question.

I noticed that some users/spammers on my website are using Cloudflare IPs to spam comments and circumvent some of my security algorithms.
Is that normal? Can I block these IPs without blocking Cloudflare system? How do they use it?

I use nginx and I correctly set the “real IP” headers so I don’t think it comes from there.


That traffic is most likely coming through WARP.

That was three. :wink:

Indeed haha thanks for your answers.

So WARP is a VPN, right? I’d like to block the whole ASN in my WAF but I’m scared to block legitimate traffic from Cloudflare itself

A lot of legitimate users use WARP. If the IP ranges happen to overlap with Cloudflare’s share of iCloud Private Relay traffic (which is similar to WARP and partly handled by Cloudflare), that would be even worse, as a lot of iOS and Mac users will be there.

In general you need to allow access to your origin server from these IP ranges. If your problem is that these users are connecting through your normal Cloudflare proxy like anyone else, I would recommend looking for a different solution, as what you have in mind will cause a lot of collateral damage.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.