my website is under attack and I see that the attacker is bypassing the cloudflare security by entering the website with the IP and not with domain name, I am wandering if I can protect my website by making my apache-based website block all the requests that doesn't have the name of my website in the host header of the attackers requests
CodePudding user response:
Even if you did do this all the attacker has to do is add the header to their requests and you're still having the same problem. You need to block access from non-cloudflare IP ranges at the firewall.
https://www.cloudflare.com/ips/
Make sure that you put in an allow your for yourself for testing.
CodePudding user response:
i don't know if this will protect my website "and" i forgot to mention that i am using xampp windows
anyway from the xampp rules file i just entered
<If "%{HTTP_HOST} == 'website'">
</If>
<Else>
RewriteRule ^.*$ http://website/$1 [L]
</Else>
and it worked
that's it that's the answer for the question i asked