Ban IP Address don't work

Konstantinus · September 18, 2025, 6:33pm

I tried to ban the IP address, but I still see it in the logs.

Restarting the web server has no effect.

Cloudflare blocks 99% of all requests. But I encountered a situation where tens of thousands of requests were coming from one IP address at intervals of 1-2 seconds. All of them were going to the same link. It’s possible that some kind of bot malfunctioned. Cloudflare considered these requests to be legitimate. I decided to add the IP address to the block, but without results. That’s why I was surprised. The functionality seems to be there, but it seems to be completely useless.

sahsanu · September 18, 2025, 6:35pm

Konstantinus · September 18, 2025, 7:01pm

But is the IP blocking feature available in the panel? If it doesn’t work, can it be removed?

sahsanu · September 18, 2025, 8:44pm

Yes, it is.

But the IP you see in the logs is not the real client IP connecting to your server, Cloudflare is the one connecting to your server. The IP you see is the origin IP extracted from the CF-Connecting-IP header sent by Cloudflare. Therefore, you can’t block the IP shown in the logs at the server level, you must block it on Cloudflare’s end.

Konstantinus · September 19, 2025, 6:20pm

Yes, I agree.

But when I blocked the IP at the nginx level (deny xxx.xxx.xxx.xxx;), I got a 403 error in the logs. That is, I potentially unloaded the web server from executing requests to the database.

sahsanu · September 19, 2025, 6:27pm

That’s because, for Nginx, the real IP is that one, not Cloudflare’s IP and that’s due to this configuration added by Hestia:

❯ grep real_ip_header /etc/nginx/conf.d/cloudflare.inc
real_ip_header CF-Connecting-IP;

If you want to block just a few IPs, that’s fine, but it’s an inefficient way to do it.