Why is Cloudflare Hogging my Server Resources?

What is the name of the domain?

kinaun.com

What is the error number?

522

What is the error message?

Connection Timeout

What is the issue you’re encountering?

Cloudflare IPs are flooding my website with various requests, which looks like a DDoS

What steps have you taken to resolve the issue?

I have activated the fail2ban filter for some specific actions like cart abuse. About 1000+ IPs have been banned so far. Most of the IPs I have looked up are Cloudflare IPs.
Once it is banned, my website responds with 522.
Problem is that if I unban these IPs, it floods with requests.

My question is, why is Cloudflare accessing my site with such a high volume of requests in the first place?
I have the Cache Reserve add-on. AFAIK it only pulls the resources that have been requested for caching.

Can someone guide me on how to prevent this?
Thanks!

Find a detailed explanation of how Cloudflare works here: How Cloudflare CDN works · Cloudflare Fundamentals docs

But here’s the TL;DR version: when a site is behind Cloudflare’s proxy, all visitor requests first go to Cloudflare, before Cloudflare turns around and forwards the request to the real server hosting the site.

This is how Cloudflare can protect and accelerate the website in question.

As such, by default, ALL visitors to your website, both legitimate users and bots, will appear to be coming from Cloudflare’s proxy IP addresses.

This is why you see Cloudflare IPs on your server.

By blocking these Cloudflare IP addresses, you’re effectively preventing Cloudflare from connecting to your server to fetch the resources your visitors asked for.

This is why you’re seeing the 522 error.

See above for why it’s Cloudflare to begin with.

As to the volume and originating traffic sources, check your Cloudflare dashboard and dig into the various reports, especially the Security events.

If you find any particular sources of high and unwanted requests, block these originating sources in your Cloudflare WAF so they don’t even reach your server at all… instead of blocking the messenger (Cloudflare) at your origin server.

Finally, if you want to see the real visitor (originating) IP addresses in your server logs, here’s the how-to guide: Restoring original visitor IPs · Cloudflare Support docs

Good luck!

I have added the Cloudflare IPs in my nginx modules to identify the real IP of the visitors (as suggested in the guide).
Thanks!

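The situation discussed in this thread, as an added example that is not part of any post: a per-IP abuse counter keyed on the TCP peer ends up banning Cloudflare's proxies, while one keyed on the restored visitor address singles out the actual client. The log layout, the sample lines, the threshold and the function names are assumptions made for illustration, and the proxy ranges are only a subset of Cloudflare's published list.

```python
import ipaddress
from collections import Counter

# Assumption: a small subset of Cloudflare's published proxy ranges. In real
# use, load the full current list that Cloudflare publishes.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "2606:4700::/32")]

# Constructed sample lines: "<tcp peer> <CF-Connecting-IP or -> <path>"
SAMPLE_LOG = """\
172.64.10.5 203.0.113.7 /cart/add
172.64.10.5 203.0.113.7 /cart/add
104.16.1.9 203.0.113.7 /cart/add
172.64.10.5 198.51.100.20 /product/1
192.0.2.44 10.0.0.1 /cart/add
172.64.10.5 - /cart/add
"""

def client_ip(peer, cf_connecting_ip):
    """Return the address to count a request against, or None if unknown."""
    peer_addr = ipaddress.ip_address(peer)
    if not any(peer_addr in net for net in TRUSTED_PROXIES):
        # Direct connection: the header is client-controlled, so ignore it.
        return peer
    try:
        return str(ipaddress.ip_address(cf_connecting_ip.strip()))
    except ValueError:
        # Proxy peer without a usable header: never attribute it to the proxy.
        return None

def ban_candidates(log, path="/cart/add", threshold=3):
    """Compare counting by TCP peer with counting by restored visitor IP."""
    by_peer, by_client = Counter(), Counter()
    for line in log.splitlines():
        peer, header, req_path = line.split()
        if req_path != path:
            continue
        by_peer[peer] += 1
        ip = client_ip(peer, header)
        if ip is not None:
            by_client[ip] += 1
    naive = sorted(ip for ip, n in by_peer.items() if n >= threshold)
    restored = sorted(ip for ip, n in by_client.items() if n >= threshold)
    return naive, restored

if __name__ == "__main__":
    print(ban_candidates(SAMPLE_LOG))
```

A firewall ban on the restored address at the origin does not match proxied traffic, because those packets still arrive from Cloudflare; that address is the one to block in the Cloudflare WAF, as the reply above recommends.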