someone is using Cloudflare to point directly to my server. My webserver is not delivering any content in case that the hostnames do not match, but the real issue here is that am receiving thousands or requests that going undetected.
so all the requests i receive are under Cloudflare IPs
Any ideas how i can stop this attack?
i have allowlisted all Cloudflare ips and now am attacked by it
A possible option would be by switching your own sites to run over a Cloudflare Tunnel.
That way, you would NOT have to open any ports, or have any IP addresses added to the inbound policies of your firewall, as the Cloudflare Tunnel would connect outbound towards the Cloudflare network.
Since it sounds like that your server’s IP address(es) have already been exposed, you won’t really be able to prevent the “attempted” traffic from happening, however, if your hosting provider allows you to, you can eventually rotate the IP address(es) after having re-configured your set up to run through a Cloudflare Tunnel.
thanks for the reply!
alright i will try to configure it this way.
in the meantime can i sugges this somewhre?
i believe Cloudflare should add a bit more security on who can point where using their own service
for example proof of domain ownership
let users to point the domain and then request proof that they own it before allowing any traffic to start rerouting in thousands.
in this way users like me will not end up in this situation
Setting the assigned nameservers at the registrar is proves domain ownership, or an equivalent level of control.
It sounds like you want an HTTP challenge to be verified by the origin server. That is an interesting idea. It might be worth posting that in #feedback:feature-request
Thanks for the reply!
My apologies, yes i meant to say proof of server ownership.
In this scenario if Cloudflare requires me to proof that i own the server i pointed my domain to using clouflare dns.
Then in the above case i would only had to allowlist Cloudflare IPs and block anything else. So in this way the attacker will not be able to use Cloudflare to point to my server directly and every request should pass from my Cloudflare configurations and from there can be detected/filtered/blocked.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.