Protection from CIDR range
Does Cloudflare have protection against traffic that is originating from a CIDR range? We had increased traffic to our site today and after investigation realized it was coming from a range of IP addresses -- bot net style. We put a rule in to block it, however, wanted to investigate is Cloudflare had this as a service?
4 Replies
Support AI
According to the Cloudflare documentation, you can use the Cloudflare Firewall to block traffic from specific IP addresses or IP ranges, including CIDR ranges.
You can create a Firewall Rule to block traffic from a specific IP range by following these steps:
1. Log in to your Cloudflare account and go to the Firewall tab.
2. Click on "Create Firewall Rule".
3. Select "IP Address" as the rule type.
4. Enter the IP range you want to block in CIDR notation (e.g., 192.0.2.0/24).
5. Set the action to "Block".
6. Click "Save and Deploy".
Additionally, Cloudflare also offers a feature called "IP Firewall" which allows you to block traffic from specific IP addresses or IP ranges at the edge of the network, before it even reaches your origin server.
You can also use Cloudflare's "Rate Limiting" feature to limit the number of requests from a specific IP range, this can help to prevent abuse and reduce the load on your origin server.
It's also worth noting that Cloudflare has a feature called "IP Reputation" which can help to block traffic from known bad IP addresses, this feature is enabled by default for all Cloudflare customers.
You can find more information about these features in the Cloudflare documentation:
* Firewall Rules
* IP Firewall
* Rate Limiting
* IP Reputation
Source: https://developers.cloudflare.com/firewall/rules/
Sources
This is an AI generated response, it may not be 100% accurate. Please validate the output. You can ask followups by replying to this message or mentioning me.
Can it automatically detect this rather than us finding it?
I dont think they do auto-range protection due to the nature of most attacks, but their attack methodology isn't entirely transparent, if I were you I would look at the logs and configure blocking/challenge based on the malicious cidr or entire ASNs
That's what we ended up doing.
Was just curious if there was "take my money" feature.