Why does the browser integrity check occur even though I only use DNS?

Hello.

I created a free Cloudflare account to use the DNS service.
The next day, I found a large amount of activity logs in the security events section of the admin console.

According to research, the solution was to set the SSL/TLS encryption mode to FULL.
“Traffic Served Over TLS” appears to be accessing Cloudflare.

Why is this setting required if I only use the DNS service?

  1. Never use Full, that’s an insecure legacy mode without encryption. Always use Full Strict.
  2. If you do not use the proxies, most of the settings on Cloudflare won’t apply - what’s the domain?

Thanks.
The domain is 1stwise.com

Can you post screenshots of these pages?

Thanks.

7 hours ago, I changed the SSL/TLS encryption mode from Flexible to FULL.

Again, Full is not secure, it needs to be Full Strict.

But something still routes requests through the proxies. Can you post screenshots of a few of the individual firewall event entries?

> Again, Full is not secure, it needs to be Full Strict.

I don’t use any services other than DNS.

Right, as mentioned most settings don’t apply here, but the advice to use Full is still wrong. It needs to be Full Strict.

As for the firewall requests, it would seem something is actively routing this through the proxies. I would ignore the Tor request, but the two Japanese requests seem to be some sort of link checker. Are you running such a service? Could it be that you configured this manually to go through the proxies?

What you could definitely do is block on your server all requests from these addresses - IP Ranges

I understand the cause.

Actually, someone else did the initial settings and corrected the settings at the time of the problem.
I just received the report and started investigating.
When I checked again, I found that there was an omission in the report.
He set it to Proxied instead of DNS only during the initial setup.
And he changed it to DNS only and SSL/TLS encryption mode to FULL at the time of the problem.
But when he reported it to me, it was only SSL/TLS encryption mode.

Thank you for your advice.

Most welcome

If you want to make sure not to receive requests from the proxies, block the addresses mentioned before.

As for the encryption mode, that really should always be Full Strict, as otherwise you have no encryption when using the proxies.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.
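
The two checks this thread comes down to, as an added example that is not part of any post above: whether a record's resolved addresses sit inside Cloudflare's proxy ranges (Proxied versus DNS only), and which origin log entries arrived through those proxies. The range list is a snapshot assumed to match Cloudflare's published IP Ranges page, and the addresses and log lines are constructed.

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 proxy ranges (assumption: may be out
# of date; refresh from the IP Ranges page). IPv6 ranges are not included here.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def is_cloudflare(addr):
    """True if addr parses as an IP inside one of the snapshot ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in CLOUDFLARE_V4)

def record_mode(resolved):
    """Classify a hostname from the addresses its A records resolve to."""
    flags = [is_cloudflare(a) for a in resolved]
    if not flags:
        return "unresolved"
    if all(flags):
        return "proxied"      # traffic passes through Cloudflare first
    if not any(flags):
        return "dns-only"     # answers point straight at the origin
    return "mixed"            # some records proxied, some not

def proxied_requests(log_lines):
    """Return remote addresses (first log field) that are Cloudflare proxies."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if fields and is_cloudflare(fields[0]):
            hits.append(fields[0])
    return hits

# Constructed sample data (documentation addresses stand in for the origin).
SAMPLE_PROXIED = ["104.21.5.10", "172.67.1.1"]
SAMPLE_DNS_ONLY = ["203.0.113.10"]
SAMPLE_LOG = [
    '162.158.90.12 - - [01/Jan/2024:00:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:00:00:02 +0000] "GET / HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(record_mode(SAMPLE_PROXIED), record_mode(SAMPLE_DNS_ONLY))
    print(proxied_requests(SAMPLE_LOG))
```

A "proxied" result for a hostname that was meant to be DNS only is the misconfiguration found in this thread; once the record is DNS only, `proxied_requests` over the origin's access log should return nothing.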