False Positive Block of CloudFlare
-
Hello,
I just moved site to new hosting but since the new move I noticed several False positive blockage of CloudFlare
As you can see from the following text written by WordFence blocking CloudFlare
Here is the text
Netherlands Netherlands
IP: 173.245.53.242 [unblock] [make permanent]
Reason: POST received with blank user-agent and referer
Hostname: cf-173-245-53-242.cloudflare.com
No attempts have been made to access the site since this IP was blocked.Here is the actual screenshot
https://easycaptures.com/fs/uploaded/903/9260415948.jpgHere is screenshot of the full page of WordFence setting
2 vital questions that need your answer:
1) Can you go ahead now and tell which Word fence setting could be causing CloudFlare Blockage or is it something else ?
2) What is the exact solution to resolve this ?
Your prompt reply with your detailed answers will be much appreciated
Sam
-
Hello android1pro,
I could not see the screenshot of your settings. The relevant option to change if this has to do with Cloudflare would be “How does Wordfence get IPs”. However, let’s first establish that what you are seeing there is definitely a false positive. Do you know why there are post requests with blank user-agent and referrer being made to your website? That kind of request usually indicates it’s traffic from a bot.#WFIPBLOCKS – Do not remove this line. Disable Web Caching in Wordfence to remove this data.
Order Deny,Allow
Deny from 46.118.116.14
Deny from 173.208.241.82
Deny from 88.41.64.46
Deny from 46.118.81.133
Deny from 31.184.236.43
Deny from 177.225.207.10
Deny from 89.118.136.146
Deny from 134.90.228.189
Deny from 54.67.27.46
Deny from 54.153.47.120
Deny from 94.153.9.65
Deny from 222.109.124.13
Deny from 211.157.180.133
Deny from 46.149.191.237
Deny from 46.118.154.84
Deny from 121.168.118.160
Deny from 217.220.144.54
Deny from 5.133.53.173
Deny from 46.118.158.176
Deny from 192.249.120.50
Deny from 104.236.240.24
Deny from 37.115.190.97
Deny from 195.3.144.88
Deny from 46.118.116.161
Deny from 78.185.14.214
Deny from 37.115.191.119
Deny from 178.137.81.70
Deny from 185.25.48.6
Deny from 46.118.153.202
Deny from 37.217.220.191
Deny from 123.30.175.165
Deny from 123.30.175.163
Deny from 178.137.18.182
Deny from 123.30.175.162
Deny from 123.30.175.164
Deny from 123.30.175.161
Deny from 123.30.175.158
Deny from 192.0.84.33
Deny from 178.63.13.15
Deny from 93.179.69.55
Deny from 24.24.191.50
Deny from 195.154.187.115
Deny from 52.30.145.89
Deny from 46.9.164.175
Deny from 64.68.50.128
Deny from 88.198.16.153
Deny from 91.121.112.142
Deny from 204.12.241.170
Deny from 5.9.138.211
Deny from 144.76.7.107
Deny from 69.30.198.242
Deny from 5.9.83.211
Deny from 176.36.80.39
Deny from 69.197.177.26
Deny from 78.46.174.197
Deny from 151.80.31.119
Deny from 62.210.90.118
Deny from 144.76.44.138
Deny from 85.17.112.142
Deny from 69.30.198.186
Deny from 195.154.156.209
Deny from 188.165.15.121
Deny from 69.30.234.186
Deny from 136.243.75.162
Deny from 162.210.196.97
Deny from 123.30.175.159
Deny from 123.30.175.160
Deny from 69.30.198.202
Deny from 108.59.8.80
Deny from 91.194.84.106
Deny from 192.99.2.27
Deny from 69.30.210.242
Deny from 46.118.118.215
Deny from 92.63.87.97
Deny from 151.80.31.122
Deny from 151.80.31.135
Deny from 194.114.133.131
Deny from 185.92.72.33
Deny from 72.55.168.89
Deny from 46.148.22.18
Deny from 195.22.126.220
Deny from 78.171.146.74
Deny from 188.3.190.190
Deny from 24.133.46.93
Deny from 89.99.206.245
Deny from 176.240.138.15
Deny from 178.137.85.67
Deny from 88.245.24.44
Deny from 78.161.122.35
Deny from 212.252.56.152
Deny from 211.101.15.233
Deny from 37.1.207.240
Deny from 198.57.217.209
Deny from 212.48.92.209
Deny from 162.158.92.148
Deny from 188.114.102.56
Deny from 162.158.56.221
Deny from 141.101.80.215
Deny from 141.101.99.144
Deny from 162.158.210.64
Deny from 162.158.56.197
Deny from 141.101.102.23
Deny from 162.158.180.167
Deny from 162.158.93.157
Deny from 162.158.103.251
Deny from 173.245.55.236
Deny from 162.158.165.220
Deny from 162.158.95.96
Deny from 162.158.103.243
Deny from 162.158.93.129
Deny from 162.158.93.186
Deny from 141.101.81.171
Deny from 141.101.99.32
Deny from 162.158.93.155
Deny from 162.158.92.135
Deny from 162.158.92.139
Deny from 162.158.27.243
Deny from 173.245.48.138
Deny from 141.101.99.146
Deny from 162.158.93.141
Deny from 162.158.93.135
Deny from 141.101.105.217
Deny from 141.101.66.89
Deny from 188.114.111.173
Deny from 141.101.99.145
Deny from 162.158.167.241
Deny from 141.101.99.133
Deny from 162.158.93.158
Deny from 162.158.93.145
Deny from 108.162.217.83
Deny from 173.245.63.146
Deny from 162.158.27.212
Deny from 162.158.27.252
Deny from 108.162.238.67
Deny from 162.158.210.60
Deny from 108.162.238.192
Deny from 162.158.223.207
Deny from 188.114.111.113
Deny from 162.158.165.221
Deny from 162.158.103.200
Deny from 162.158.92.132
Deny from 162.158.115.199
Deny from 162.158.134.84
Deny from 162.158.92.174
Deny from 162.158.180.173
Deny from 162.158.115.211
Deny from 141.101.99.106
Deny from 162.158.93.133
Deny from 173.245.53.242
Deny from 188.114.111.174
Deny from 162.158.103.199
Deny from 108.162.238.110
Deny from 162.158.93.170
Deny from 141.101.81.233
Deny from 173.245.53.239
Deny from 199.27.133.151
Deny from 162.158.103.242
Deny from 162.158.152.53
Deny from 162.158.180.155
Deny from 141.101.97.75
Deny from 162.158.93.172
Deny from 141.101.97.94
Deny from 162.158.192.35
Deny from 141.101.105.57
Deny from 162.158.93.174
Deny from 108.162.221.141
Deny from 162.158.103.210
Deny from 141.101.97.91
Deny from 199.27.133.188
Deny from 162.158.94.96
Deny from 108.162.215.223
Deny from 162.158.134.99
Deny from 162.158.68.53
Deny from 162.158.94.112
Deny from 173.245.53.187
Deny from 108.162.245.67
Deny from 162.158.115.252
Deny from 173.245.53.168
Deny from 173.245.56.243
Deny from 103.22.200.217
Deny from 162.158.165.239
Deny from 162.158.152.5
Deny from 162.158.152.83
Deny from 173.245.49.67
Deny from 173.245.49.250
Deny from 141.101.66.95
Deny from 162.158.203.42
Deny from 162.158.93.171
Deny from 173.245.53.211
Deny from 108.162.250.234
Deny from 198.41.243.60
Deny from 108.162.229.232
Deny from 173.245.53.188
Deny from 141.101.99.215
Deny from 173.245.55.229
Deny from 108.162.246.216
Deny from 162.158.167.220
Deny from 141.101.66.209
Deny from 108.162.238.179
Deny from 141.101.92.60
Deny from 108.162.217.77
Deny from 173.245.62.153
Deny from 141.101.106.149
Deny from 162.158.165.230
Deny from 162.158.115.198
Deny from 108.162.229.173
Deny from 173.245.62.118
Deny from 141.101.66.17
Deny from 162.158.93.166
Deny from 162.158.93.181
Deny from 173.245.53.172
Deny from 108.162.238.189
Deny from 173.245.55.228
Deny from 108.162.238.159
Deny from 162.158.93.138
Deny from 162.158.134.105
Deny from 162.158.92.136
Deny from 162.158.93.187
Deny from 173.245.62.209
Deny from 162.158.211.63
Deny from 188.114.110.112
Deny from 162.158.93.184
Deny from 188.114.103.77
Deny from 162.158.93.180
Deny from 173.245.54.238
Deny from 173.245.53.199
Deny from 141.101.106.221
Deny from 162.158.152.59
Deny from 108.162.221.249
Deny from 141.101.92.210
Deny from 173.245.48.108
Deny from 162.158.93.149
Deny from 141.101.99.210
Deny from 173.245.53.223
Deny from 173.245.54.233
Deny from 162.158.135.220
Deny from 141.101.99.249
Deny from 198.41.239.158
Deny from 108.162.250.228
Deny from 162.158.72.71
Deny from 162.158.165.247
Deny from 162.158.92.145
Deny from 108.162.221.227
Deny from 173.245.49.68
Deny from 162.158.167.239
Deny from 141.101.99.245
Deny from 162.158.93.167
Deny from 162.158.165.229
Deny from 173.245.48.76
Deny from 162.158.92.131
Deny from 162.158.93.146
Deny from 162.158.92.137
Deny from 162.158.94.80
Deny from 141.101.66.83
Deny from 108.162.215.218
Deny from 198.41.234.15
Deny from 162.158.92.140
Deny from 162.158.93.154
Deny from 108.162.245.207
Deny from 108.162.246.167
Deny from 141.101.99.224
Deny from 173.245.50.236
Deny from 141.101.99.18
Deny from 173.245.53.132
Deny from 141.101.105.137
Deny from 173.245.53.234
Deny from 188.114.111.114
Deny from 162.158.167.242
Deny from 108.162.219.151
Deny from 173.245.52.135
Deny from 162.158.39.137
Deny from 173.245.62.106
Deny from 141.101.93.204
Deny from 173.245.62.108
Deny from 188.114.110.166
Deny from 108.162.249.228
Deny from 108.162.250.230
Deny from 108.162.212.128
Deny from 141.101.99.159
Deny from 173.245.53.155
Deny from 188.114.111.172
Deny from 173.245.62.141
Deny from 188.114.103.75
Deny from 108.162.219.214
Deny from 141.101.80.214
Deny from 141.101.99.140
Deny from 103.22.200.250
Deny from 173.245.50.242
Deny from 162.158.93.164
Deny from 173.245.53.141
Deny from 198.41.243.58
Deny from 162.158.72.29
Deny from 108.162.229.166
Deny from 173.245.62.214
Deny from 141.101.99.37
Deny from 162.158.135.237
Deny from 162.158.22.228
Deny from 162.158.92.150
Deny from 162.158.93.190
Deny from 162.158.92.180
Deny from 162.158.180.119
#Start of blocking code for IP range: 185.25.48.0 – 185.25.48.63
Deny from 185.25.48.0/26
#End of blocking code for IP range: 185.25.48.0 – 185.25.48.63
<IfModule mod_setenvif.c>
#Blocking code for referer pattern: https://financereport.co/work-at-home-mom-report-trendtrader/
SetEnvIf Referer http:\/\/financereport\.co\/work\-at\-home\-mom\-report\-trendtrader\/ WordfenceBadBrowser=1
#Blocking code for referer pattern: *gTraderSoftware.com*,*https://financereport.co/work-at-home-mom-report-trendtrader/*
SetEnvIf Referer .*gTraderSoftware\.com.*,.*http:\/\/financereport\.co\/work\-at\-home\-mom\-report\-trendtrader\/.* WordfenceBadBrowser=1
#Blocking code for referer pattern: *https://financereport.co/work-at-home-mom-report-trendtrader/*
SetEnvIf Referer .*http:\/\/financereport\.co\/work\-at\-home\-mom\-report\-trendtrader\/.* WordfenceBadBrowser=1
Deny from env=WordfenceBadBrowser
</IfModule>
#Do not remove this line. Disable Web Caching in Wordfence to remove this data – WFIPBLOCKS
#WFCACHECODE – Do not remove this line. Disable Web Caching in Wordfence to remove this data.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_mime.c>
AddOutputFilter DEFLATE js css htm html xml
</IfModule>
</IfModule>
<IfModule mod_mime.c>
AddType text/html .html_gzip
AddEncoding gzip .html_gzip
AddType text/xml .xml_gzip
AddEncoding gzip .xml_gzip
</IfModule>
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
SetEnvIfNoCase Request_URI \.xml_gzip$ no-gzip
</IfModule>
<IfModule mod_headers.c>
Header set Vary “Accept-Encoding, Cookie”
</IfModule>
<IfModule mod_rewrite.c>
#Prevents garbled chars in cached files if there is no default charset.
AddDefaultCharset utf-8#Cache rules:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} on
RewriteRule .* – [E=WRDFNC_HTTPS:_https]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteRule .* – [E=WRDFNC_ENC:_gzip]
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} ^(?:\d+=\d+)?$
RewriteCond %{REQUEST_URI} (?:\/|\.html)$ [NC]RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher) [NC]
RewriteCond %{REQUEST_URI} \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$
RewriteCond “%{DOCUMENT_ROOT}/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}” -f
RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ “/wp-content/wfcache/%{HTTP_HOST}_$1/$2~$3~$4~$5~$6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}” [L]
</IfModule>
#Do not remove this line. Disable Web caching in Wordfence to remove this data – WFCACHECODE
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule># END WordPress
In case you need to know in order to solve this,
last reply is exact copy of .htaccess currently running the siteHere is Screenshot of Diagnostic Tab
https://easycaptures.com/fs/uploaded/904/0515407476.pngHello again android1pro,
The contents of your .htaccess indicate that you have Falcon Caching enabled (under Wordfence Performance Setup). Do you have it enabled? Live traffic does not work when Falcon is enabled, that’s why I ask.Yes off course CloudFlare caching is turned on
Here is the screenshot of the CloudFlare caching setting
Yes Falcon is on
Hello,
Still issue remain unresolvedWordFence Plugin continue to strangely,all of a sudden now,
continue to block IP and say that each of them use the exact same log in user name to loginHere is the sceenshot proof
https://easycaptures.com/fs/uploaded/905/2203589829.jpgDoes WordFence automatically whitelist all IP addresses of CloudFlare ??
Here is the current up to date CloudFlare list :
Where exactly this option you are referring to earlier in your reply
“How does Wordfence get IPs”?
Keep up the good work of helping sites stay protected
Your prompt accurate correct solution will be much appreciatedHello android1pro,
if you click on “Options” in the Wordfence menu and scroll down a bit, right above the blue button that says “Save changes” you’ll find a setting called “How does Wordfence get IPs”. In your case it sounds like you might need to change this to the “CF-Connecting-IP option”. There is a short test here that you can perform to verify that IPs are being reported correctly. More information about how Wordfence gets IPs can be found here.Thanks for getting back with accurate correct solutions that matter and help fix the critical issue at hand
However,
Once again,
Does WordFence automatically whitelist all IP addresses of CloudFlare ??Here is the current up to date CloudFlare list :
https://easycaptures.com/fs/uploaded/905/5029528004.pngIf not then do you think whitelisting the CloudFlare IP list on WordFence,
would this have any significant value to be implemented beside using the CF-Connecting-IP option on WordFence ?Also,
However there seem to be excessive huge amount of bots going thru the site which was not the case on the old hosting?
Is there any setting inside wp admin account that can resolve this issue?
If not what is your best solution ??Hello,
no, WordFence does not automatically whitelist those IPs. You can whitelist them yourself under “Options”/”Other options”/”Whitelisted IP addresses that bypass all rules” but it should not be necessary. The “CF-Connecting-IP” option is only for if you are having trouble with WordFence not receiving the correct IPs.The WordFence Live Traffic shows more now than it did in previous releases. That might be why you are seeing more bots now than you did before. There has also been a surge in bad traffic in the past few weeks. If the bots are trying to reach a particular URL that they should not be trying to reach (for example xmlrpc.php) you can put that in “Options”/”Immediately block IP’s that access these URLs”. This should decrease the amount of requests the can do to your site. Just make sure you don’t put URLs in that are legit because then you can end up blocking yourself.
You can also tweak your settings under “Rate Limiting Rules” to make sure IPs that are spamming requests to your site get blocked.
- The topic ‘False Positive Block of CloudFlare’ is closed to new replies.
