Skip to main content

Cloudflare blocked in firewall alerts

Comments

3 comments

  • quizknows
    Cloudflare and ModSecurity is an interesting situation. Beacuse ModSecurity looks at request headers before the logging phase, the CF IP is the "real" IP despite the presence of the header from CloudFlare indicating who they are forwarding the request for. Do not "Allow" cloudflare ranges. This only opens ports to them and is unnecessary. You need to add their ranges to /etc/csf/csf.ignore (NOT csf.allow) and fully restart both csf and lfd via WHM. This will stop CSF from blocking those IPs while still allowing ModSecurity to block individual bad requests. Obviously once that is done, audit csf.deny and remove any cloudflare IP addresses (or just remove any addresses which you did not add manually, and allow the blocks to repopulate).
    0
  • scullydion
    Quizknows - thank you so much! Appreciate your time :)
    0
  • cPanelMichael
    Hello :) Note that for others visiting this thread, you can find a list of CloudFlare IP addresses at: CloudFlare IP Ranges | CloudFlare | The web performance & security company Thank you.
    0

Please sign in to leave a comment.