Blocking ips when using Cloudflare

When using Cloudflare CDN it is hard to see where attacks on your website are coming from.

  • First look at the log:
    tail -30 /var/log/httpd/access_log
  • Suppose the file being attacked is index.php
    Create the file getip.php:
} else {
header("Location: /testpage?from=" . $ip);
  • Temporarily rename the attacked file (e.g. index.php) and copy getip.php to that name.
  • Now look at the log again and you will see where the attack is from and can block it using Cloudflare’s panel:
    tail -30 /var/log/httpd/access_log