Does anyone here have experience with Cloudflare and blocking DDoS attacks?
I am currently blocking a ton of ASNs and have Under Attack mode on, and my VPS server is still being attacked hard
and yes, I have checked that all traffic is going through Cloudflare. They aren't bypassing it
doesn't look like much but it's enough to overwhelm the VPS
is that what you're asking about?
the default filters aren't blocking traffic at all really
and under attack mode is still not enough either
default filters have only blocked 19k/1.59m events in the past 6 hours
I'm honestly getting a bit frustrated. Even after blocking so many ASNs I'm still getting attacked
top 15
would I be safe to just block
Mozilla/5.0
5.0 is super old
I also added a challenge for traffic that's HTTP 1.1, 1.1 makes up 80% of the traffic
wait really?
it's from 2011...
why
yeah, some is still getting through even with the 5.0 filter
managed challenge
0% solve rate though
ah
says 0
something is still hitting the server
not sure, CPU usage is pegged at 100%
yes
doesn't show anything
but nginx is only showing Cloudflare IPs
I was checking to double-check that nothing was bypassing Cloudflare
seems good now
think it was nginx recovering
which domain were you checking?
that one has 0 issues, that's hosted by Cloudflare Pages
much stronger than my VPS
so how can I make sure legit traffic like crawlers and other legit traffic can get through?
Pterodactyl is all API traffic
I have GitHub Actions that interact via API
that isn't a static IP
I'll have to double-check but one of the ASNs that's attacking me is also the ASN GH Actions uses
gotta love Microsoft
I had to get rid of them. caused too many issues
even setting it super high to something like 500 wasn't enough
doesn't that constantly change?
yeah, idk how to automate updating a list for Cloudflare
If you want to be sure, you can create a firewall ruleset and only allow https://www.cloudflare.com/ips/ through. Especially helpful if your VPS provider has firewall rules that can be applied on the control panel, outside of your VPS. That way their network will block it before your VPS can ever even see it.
I already have one
That's what I used to do. Allow only those IPs to hit 80/443, block the rest of the inbound traffic
for me 80,433,8443
that should work right?
these WAF rules are really causing issues for API calls
even after whitelisting IPs
it seems to be only with websocket stuff
in CF or on your VPS?
Assuming you're talking about other systems hitting your API?
Pterodactyl
only if they have/use the IP of the VPS. That will mainly deter them as well as mask what the VPS is for
my VPS IP is in the list
along with Hetrix IPs
Your VPS is in the Cloudflare list? Does it reach out to itself externally and back in?
the vps reaches out to andromeda.playavalon.net:8443/api
which is behind CF also
it was fine before adding these rules to block DDoS
is that on the same server or a different server?
different server
Gotcha
so it's broken on Chrome but not Firefox
no idea why
clearing browser cache seems to have fixed it
@dubzz. @FloppyDisk had to disable the HTTP/3 rule, it caused too many issues with Pterodactyl sadly
which is a problem because now stuff is just going right through
think I got a good setup going, just have a single issue left. Challenges seem to be breaking one of the websites I run. It doesn't seem to redirect back to the page after the challenge
seems to me like it gets stuck in a redirect loop
I don't know where to look honestly. I don't see anything in events but I just can't get Cloudflare Access to work anymore