Blocking IPs when using Cloudflare

When using the Cloudflare CDN it is hard to see where attacks on your website are coming from, because requests reach your server from Cloudflare's addresses rather than the visitor's.

  • First look at the log:
    tail -30 /var/log/httpd/access_log
  • Suppose the file being attacked is index.php
    Create the file getip.php:
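<?php
// Cloudflare passes the visitor's address in the CF-Connecting-IP header;
// fall back to the socket address when the header is absent.
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
  $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
} else {
  $ip = $_SERVER['REMOTE_ADDR'];
}
// The header is client-controlled when a request bypasses Cloudflare,
// so only pass on a syntactically valid IP address.
if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
  $ip = 'invalid';
}
// header() must run before any output is sent, so this file contains no HTML.
// The redirect makes the client request /testpage?from=<ip>, which is logged.
header("Location: /testpage?from=" . $ip);
die();
?>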
  • Temporarily rename the attacked file (e.g. index.php) and copy getip.php to that name.
  • Now look at the log again and you will see where the attack is from and can block it using Cloudflare’s panel:
    tail -30 /var/log/httpd/access_log
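
To go from eyeballing the last 30 lines to a ranked list of addresses, the following added example (not part of the original page) counts the from= values that the redirect leaves in the access log. It assumes Apache's combined log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally the visitor IPs that the getip.php redirect exposes.
# Assumes Apache's combined log format, where the request path is field 7.

# Constructed sample log lines (documentation address ranges only).
# 192.0.2.10 stands in for a Cloudflare edge address seen by the origin.
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 302 - "-" "bot"
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /testpage?from=203.0.113.5 HTTP/1.1" 404 196 "-" "bot"
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /testpage?from=203.0.113.5 HTTP/1.1" 404 196 "-" "bot"
192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "GET /testpage?from=2001:db8::1 HTTP/1.1" 404 196 "-" "bot"
192.0.2.10 - - [01/Jan/2024:10:00:04 +0000] "GET /testpage?from=198.51.100.7 HTTP/1.1" 404 196 "-" "Mozilla"
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /testpage?from=203.0.113.5 HTTP/1.1" 404 196 "-" "bot"
192.0.2.10 - - [01/Jan/2024:10:00:06 +0000] "GET /testpage?from=2001:db8::1 HTTP/1.1" 404 196 "-" "bot"
192.0.2.10 - - [01/Jan/2024:10:00:07 +0000] "GET /testpage?from=not-an-ip HTTP/1.1" 404 196 "-" "curl"
192.0.2.10 - - [01/Jan/2024:10:00:08 +0000] "GET /about.html HTTP/1.1" 200 512 "-" "Mozilla"
EOF
}

# Print "COUNT IP" for the N most frequent from= values in LOGFILE.
# Values that do not look like an IPv4/IPv6 address are dropped, because the
# query string is untrusted text that anyone can write into the log.
top_from_ips() {
    log=$1
    n=${2:-10}
    awk '{ print $7 }' "$log" |
        sed -n 's#^/testpage?from=\([0-9A-Fa-f:.]\{1,\}\)$#\1#p' |
        sort | uniq -c | sort -rn | head -n "$n" |
        awk '{ print $1, $2 }'
}

# Demo run on the constructed sample; on a real server pass
# /var/log/httpd/access_log instead.
sample=$(mktemp)
write_sample_log "$sample"
top_from_ips "$sample" 5
rm -f "$sample"
```

Clients that do not follow the redirect never request /testpage, so they will not appear in this count.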