Cloudflare calling non-existing endpoints
Hi, I have a website on Cloudflare which is getting quite a few errors.
the errors are non-existing URL related and the IPs seem to be Cloudflare.
some examples of the URLs being called are:
https://app.example.com/__clockwork/app
https://app.example.com/_debugbar/open?max=20&offset=0
https://app.example.com/telescope/requests
https://app.example.com/alps/profile
I'm not that familiar with Cloudflare, so I'm wondering if these actually are from cloudflare and if so, what could I do in order to stop such errors coming in.
5 Replies
the errors are non-existing URL related and the IPs seem to be Cloudflare.Can you clarify what you mean by "The IPs seem to be Cloudflare"? If you're tracking requesting IPs at your origin, are you properly restoring visitor ips? https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/
Restoring original visitor IPs · Cloudflare Support docs
When your website traffic is routed through the Cloudflare network , we act as a reverse proxy. This allows Cloudflare to speed up page load time by …
Hmmmmmmmmm
when errors happen the website send me an email with a bunch of info, including IP and URL.
for example:
URL: https://app.example.com/_debugbar/open?max=20&offset=0
IP: 172.70.46.139
searching the IP in WhoIs shows Cloudflare
https://who.is/whois-ip/ip-address/172.70.46.139
172.70.46.139 whois lookup information - who.is
172.70.46.139 whois lookup information.
That's the IP of CF Proxy (Cf is just proxying the request, not the initiator).
If you don't have _debugbar, it's most likely just some bots scraping, you should Restore Visitor IPs eitherway though so you can see the real requester, there's guides in the article I linked above for various web servers
thanks a lot, I wasn't sure if Cloudflare runs such scripts for whatever reason or not and didn't know about the CF Proxy.
I'll look into that!