Blocking ips when using Cloudflare

When using Cloudflare CDN it is hard to see where attacks on your website are coming from.

• First look at the log:
  tail -30 /var/log/httpd/access_log
• Suppose the file being attacked is index.php
  Create the file getip.php:

<html><body>
<?php
if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
  $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
} else {
  $ip=$_SERVER['REMOTE_ADDR'];
}
header("Location: /testpage?from=" . $ip);
die();
?>
</body></html>

• Temporarily rename the attacked file (e.g. index.php) and copy getip.php to that name.
• Now look at the log again and you will see where the attack is from and can block it using Cloudflare’s panel:
  tail -30 /var/log/httpd/access_log