Blocking Cloudflare?

  • Resolved Rhand

    (@rhand)


    10 years, 6 months ago

    Just saw that Clouflare (free CDN Package) used for one of my Dreamhost WordPress sites seems to be having a conflict with Wordfence:

    This email was sent from your website “Website” by the Wordfence plugin at Wednesday 20th of August 2014 at 11:02:04 AM
    The Wordfence administrative URL for this site is: https://www.domain.com/wp-admin/admin.php?page=Wordfence

    Wordfence has blocked IP address 108.162.209.69.
    The reason is: “Exceeded the maximum number of page requests per minute for humans.”.
    User IP: 108.162.209.69

    Is this a known issue? What are recommended steps to prevent this?

    https://www.ads-software.com/plugins/wordfence/

Viewing 15 replies - 1 through 15 (of 22 total)

  • You could try whitelisting Cloudfare’s IP address in WordFence’s Options, Other Options section

    “Wordfence has blocked IP address 108.162.209.69.
    The reason is: “Exceeded the maximum number of page requests per minute for humans.”.
    User IP: 108.162.209.69″

    Do you have the CloudFlare WordPress plugin installed?

    All requests are going to appear to come from our IPs (we’re a reverse proxy) without something to restore the visitor IP. You do want to make sure requests from CloudFlare’s IPs aren’t being restricted in any way, as this could actually affect visitors getting to your site.

    Thread Starter Rhand

    (@rhand)

    I use Cloudflare via Dreamhost so there was no need to install the plugin. I did add 108.162.209.69 to the whitelist now. Also see you can add ranges using 123.23.34.[1-50] Cloudflare has ranges here https://www.cloudflare.com/ips-v4 but this ip does not seem to fit those ranges there.

    108.162.209.69 is part of the 108.162.192.0/18 range.

    NetRange: 108.162.192.0 – 108.162.255.255
    CIDR: 108.162.192.0/18
    OriginAS: AS13335
    NetName: CLOUDFLARENET
    NetHandle: NET-108-162-192-0-1
    Parent: NET-108-0-0-0-0
    NetType: Direct Assignment
    Comment: https://www.cloudflare.com
    RegDate: 2011-10-28
    Updated: 2012-03-02
    Ref: https://whois.arin.net/rest/net/NET-108-162-192-0-1

    Plugin Author Wordfence Security

    (@mmaunder)

    In Wordfence you could also select the option under “How does Wordfence get IP’s” to use the CF-Connecting IP header. This is on your Wordfence options page towards the top.

    Maybe damon can confirm that CF is still sending that header.

    But I agree that if you are using cloudflare, you really want to either install their plugin or I think they also have an apache module that will make sure your WP install sees the correct IP’s and will disallow any other IP’s from connecting which saves you from getting attacked by someone just going around their reverse proxy.

    Regards,

    Mark.

    “Maybe damon can confirm that CF is still sending that header.”

    Yes.

    Thread Starter Rhand

    (@rhand)

    Thanks for all the feedback. I located the “How does Wordfence get IPS’s” line. I checked the cloudlfare option here as now.
    Damoncloudflare mentioned:

    108.162.209.69 is part of the 108.162.192.0/18 range.

    So how do I add this range in Wordfence? Using 108.162.192.[1-18]?

    I’m on Dreamhost and use Cloudflare. I use the plugin. I still think you should and don’t see why you wouldn’t. Dreamhost got me up and running on Cloudflare, but I don’t think they do any special magic.

    Mika Epstein

    (@ipstenu-dh)

    DreamHost Rep

    Just to clarify at DreamHost, we actually secretly set up all severs with mod_cloudflare so it’s magically ready for anyone ?? But that is, literally, a server setting.

    I stand corrected. They *do* do special magic.

    In that case, the original problem shouldn’t be happening. With mod_cloudflare (or the plugin), you shouldn’t have to whitelist Cloudflare IP ranges.

    Hi Ipstenu-DH,

    My understanding is that hosts generally only install mod_cloudflare on shared servers & not dedicated (you may be different than our other partners in that regard).

    Hi Rhand,

    That IP address range is in CIDR format. It would convert to:

    108.162.192.0 – 108.162.255.255

    @damoncloudflare

    Can you weigh in on this one too?

    https://www.ads-software.com/support/topic/wordfence-cant-resolve-cloudflare-ip-addresses?replies=5

    tim

    For anyone who needs the Cloudflare IPs (Pro – don’t know if the IPs are the same as free) in Wordfence’s IP Range Format:

    199.27.128.[0-21], 173.245.48.[0-20], 103.21.244.[0-22], 103.22.200.[0-22], 103.31.4.[0-22], 141.101.64.[0-18], 108.162.192.[0-18], 190.93.240.[0-20], 188.114.96.[0-20], 197.234.240.[0-22], 198.41.128.[0-17], 162.158.0.[0-15], 104.16.0.[0-12]

    Hope that helps, that fixed it for me

    @Wordfence,
    Can you comment on this approach of @imilleson please?

    199.27.128.[0-21]

    That would be convenient if possible because Cloudflare’s IPs are shown in CIDR notation. For example the first one is 199.27.128.0/21. That range expands to IP addresses from 199.27.128.0 – 199.27.135.255 according to an online tool. How does Wordfence expect that range to be expressed in the format 123.23.34.[1-50] ???
    Thank you.

    Previous post should have been posed to either @wfsupport or @Wordfence

Viewing 15 replies - 1 through 15 (of 22 total)
  • The topic ‘Blocking Cloudflare?’ is closed to new replies.