I’m using a Firewall Rule to Challenge all IPs. Of course, I have turned on the proxy (cloud icon) in the DNS record. But when I look at “Visitors” in the cPanel of my host, there is too much traffic like this: “https://mywebsite.com/?=Best_HTTP_Flooder_For_FREE_by_PassDDoS17283”. My domain is off.
I also tried to turn on “I’m under attack mode”, but many IPs can pass my Firewall Rule. I don’t understand.
If your server doesn’t firewall all traffic that doesn’t come from Cloudflare IP addresses, attackers might be bypassing Cloudflare and attacking your site directly. IP Ranges
You can create a Firewall Rule to block any request with that ddos phrase in the URL.
I have just created this Firewall Rule. This solution does not seem effective. Too many IPs can pass Cloudflare and inundate cPanel.
3 days ago, my website was attacked by over 10 million requests/24h. Since this attack, maybe Cloudflare blocks and does not support my website. I don’t know if Cloudflare limits the size of a DDoS. Do I need to upgrade my tier?
I have just created this Firewall Rule (URI query contains). This solution does not seem effective. This Firewall Rule only blocks some of the millions of requests.
In “Visitors” in cPanel on my hosting, there is so much traffic with a “Referring URL” like this: “Search - usatoday.com”. I have also created a Firewall Rule to block every Referer which contains “172.96.XXX.XXX”, but it is not effective either.
As I demonstrated, the Firewall Rule works. This really looks like they’re bypassing Cloudflare as I suggested in my original reply. Is 172.96 the IP address of your server?
Cloudflare can’t protect against direct attacks on your server’s IP address. You need to have your host block all requests not coming from Cloudflare IP addresses.
I have added this PHP code in .htaccess to allow Cloudflare IPs and block others:
#Allow Cloudflare IPs and Deny other
order deny,allow
allow from 173.245.48.0/20
allow from 103.21.244.0/22
allow from 103.22.200.0/22
allow from 103.31.4.0/22
allow from 141.101.64.0/18
allow from 108.162.192.0/18
allow from 190.93.240.0/20
allow from 188.114.96.0/20
allow from 197.234.240.0/22
allow from 198.41.128.0/17
allow from 162.158.0.0/15
allow from 104.16.0.0/12
allow from 172.64.0.0/13
allow from 131.0.72.0/22
deny from all
But it blocks all. 500 Internal Server Error. Please guide me!!! Thank you very much!
This type of htaccess block will not help, as from what I see you’re getting the header IP of the clients. If you have a VPS/dedicated server, I would suggest blocking all incoming requests to ports 443 and 80 via iptables and allowing only Cloudflare IPs.
If you have SSH access to your server, you can use the following commands:
Important NOTE: This will drop any connection coming directly to your server on ports 80 and 443. If you have any other website hosted on your server which is not on Cloudflare, the above actions will make those websites inaccessible.
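The port 80/443 allow-listing suggested in the last reply, as an added example; it is not the commands from that reply, which are not reproduced on this page. It only prints iptables rules for review, using the IPv4 ranges quoted earlier in the thread; the chain name CF-WEB and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print (never apply) iptables rules that admit TCP 80/443
# only from the Cloudflare IPv4 ranges quoted in this thread.
# CF-WEB is a chain name chosen for this example, not a Cloudflare convention.
# IPv4 only: a host reachable over IPv6 needs equivalent ip6tables rules.
CF_RANGES="173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22
141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20
197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/12
172.64.0.0/13 131.0.72.0/22"

# Succeeds only for a.b.c.d/n with each octet 0-255 and n 0-32, so a typo in
# the list cannot turn into a malformed or overly broad rule.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*|*/*.*|*..*|.*|*/) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; prefix=${1#*/}
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the rule set: a dedicated chain with one ACCEPT per range, a final
# DROP, and a single jump from INPUT for web ports (idempotent on re-run).
emit_rules() {
    for cidr in $CF_RANGES; do
        valid_cidr "$cidr" || { echo "bad range: $cidr" >&2; return 1; }
    done
    echo "iptables -N CF-WEB 2>/dev/null || iptables -F CF-WEB"
    for cidr in $CF_RANGES; do
        echo "iptables -A CF-WEB -s $cidr -j ACCEPT"
    done
    echo "iptables -A CF-WEB -j DROP"
    match="-p tcp -m multiport --dports 80,443 -j CF-WEB"
    echo "iptables -C INPUT $match 2>/dev/null || iptables -I INPUT $match"
}

emit_rules
```

Review the printed rules before running them as root. The range list quoted in the thread may be out of date; the current one is published at https://www.cloudflare.com/ips/.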