We are seeing malicious requests hitting our server from cloudflare IP addresses. They are quite a number and too often. Could you assist stop this requests. We have attached a sample of the request with first column being URI followed by referrer followed by user Agent
We are experiencing a situation where cloudflare IP address is sending some malicious request to our websites. The requests have different Cloudflare port extenstions e.g http://104.21.30.172:2082/aab9
Hi,
Cloudflare sends to your origin every request it gets to your domain, if it’s proxied 
. Could it be that your origin logging application is misconfigured, logging the incoming IP address where it should place the domain name? Do you see Cloudflare IP addresses in all requests, or only those for paths /aaa9 and /aab9? If you do not set your own server, ask your hosting provider to check its logging application configuration.
As for the requests ending with path /aaa9 and /aab9, one of my domains also gets those odd requests, and I managed to block them with a WAF rule that includes the following expression:
(http.request.uri.path in {"/aaa9" "/aab9"})
In any case, you should make sure that your origin server also restore original visitor IP:
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.