Incompatibility With Cloudflare... or Something.

I’m at my wit’s end with trying to figure this out.

I have Cloudflare installed on this server using the CPanel plugin. CSF is also installed, along with mod_sec and comodo rules.

Here are the issues…

  1. Cloudflare IP’s continue to appear as being attacks in mod_security though mod_cloudflare is installed and the IP’s have been whitelisted.

  2. Occasionally, a hacker will hit on a rule that will throw a 403 for everyone visiting that website. This happened Easter evening to a number of sites.

  3. Many of the IP’s are not being recognized as valid IP’s, so the attacker just keeps hammering away at the server until they get bored. They never get blocked. I cannot even block them manually through the CSF interface. (example in screen grab)

I don’t know what to do here. Absolutely nothing I’ve tried has worked, and I cannot find any threads about this online. This is the second server I’ve had similar issues with, so it’s something in the configuration, but what??? :-\

Any help would be very appreciated.

~ Corey

You can try disable “bruteforce protection” group. If this helps, let us know, so we’ll search for a solution.

Hi TDmitry,

Good news! I hit up Cloudflare about this again and was able to get an answer to why it’s happening. I want to give it some time to verify it’s all working correctly, then I will share what I’ve found so that it might help others.

It’s actually an edit in mod_cloudflare that is made necessary because of having Varnish installed. Not an actual issue with mod_security or ComodoWAF - but still good info since this is bound to come up again and an obvious answer isn’t available online. :azn:

~ Corey