In my last blog post, I discussed how you can use CloudFlare to prevent bad bots from getting to your site. But, what happens if the bad traffic still remembers your old IP number for the original web server and the bots still get through.
Recently we had one of our Managed Hosting customers experience this very problem. We helped find a solution to this issue.
We understand that it is very annoying when those who set up CloudFlare to thwart nasty bots still find bots reaching their sites. And we understand that changing the IP number of the current web server isn’t a viable option. The next option is to utilize the IP Restriction module on the IIS web server.
You can add the following code to the file, under the <system.webServer> tag:
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="103.21.244.0" subnetMask="255.255.252.0" allowed="true"/>
<add ipAddress="103.22.200.0" subnetMask="255.255.252.0" allowed="true"/>
<add ipAddress="103.31.4.0" subnetMask="255.255.252.0" allowed="true"/>
<add ipAddress="104.16.0.0" subnetMask="255.248.0.0" allowed="true"/>
<add ipAddress="104.24.0.0" subnetMask="255.252.0.0" allowed="true"/>
<add ipAddress="108.162.192.0" subnetMask="255.255.192.0" allowed="true"/>
<add ipAddress="131.0.72.0" subnetMask="255.255.252.0" allowed="true"/>
<add ipAddress="141.101.64.0" subnetMask="255.255.192.0" allowed="true"/>
<add ipAddress="162.158.0.0" subnetMask="255.254.0.0" allowed="true"/>
<add ipAddress="172.64.0.0" subnetMask="255.248.0.0" allowed="true"/>
<add ipAddress="173.245.48.0" subnetMask="255.255.240.0" allowed="true"/>
<add ipAddress="188.114.96.0" subnetMask="255.255.240.0" allowed="true"/>
<add ipAddress="190.93.240.0" subnetMask="255.255.240.0" allowed="true"/>
<add ipAddress="197.234.240.0" subnetMask="255.255.252.0" allowed="true"/>
<add ipAddress="198.41.128.0" subnetMask="255.255.128.0" allowed="true"/>
<add ipAddress="199.27.128.0" subnetMask="255.255.192.0" allowed="true"/>
<add ipAddress="199.83.128.0" subnetMask="255.255.192.0" allowed="true"/>
<add ipAddress="204.93.240.0" subnetMask="255.255.240.0" allowed="true"/>
<add ipAddress="208.68.208.0" subnetMask="255.255.240.0" allowed="true"/>
<add ipAddress="208.94.240.0" subnetMask="255.255.240.0" allowed="true"/>
<add ipAddress="208.118.192.0" subnetMask="255.255.224.0" allowed="true"/>
</ipSecurity>
</security>
</system.webServer>
The configuration above will block all IP addresses except those specified, ensuring that only CloudFlare can connect.
Note that the list of IPs is current as of today. For the most current list, please see https://www.cloudflare.com/ips/
I hope this helps you get rid of bad traffic to your site.
Learn more about Everleap Managed Hosting services.
No responses yet