Tag Archives: Cloudflare

Cloudflare Location Check

Recently a client came to me with a very interesting problem. They have multiple web servers running behind a Cloudflare load balancer, and the majority of requests flow through the load balancer and are directed properly. However, a number of requests were still making it straight through to the origin IPs. Most of those requests were attempts at common WordPress exploits or plugin scanning looking for vulnerable plugins. Had those requests gone through Cloudflare, they would have been dealt with by the Cloudflare firewall, but by using the IP address these bad actors were able to bypass that layer of security.

Thankfully, Cloudflare has a way to check whether a request actually passed through Cloudflare, provided the website has turned on Cloudflare IP Geolocation. That service automatically adds the visitor's country code, in the CF-IPCountry request header, to each request it passes along to the origin web server. If you want to know more about Cloudflare IP Geolocation, check out their support document.

The logic is pretty simple: if the request does not have the CF-IPCountry request header, then it did not pass through Cloudflare (and the Cloudflare Firewall), so redirect the request back to the fully qualified domain name.

/**
 * Cloudflare Location Check
 *
 * Checks for the Cloudflare location header. This is only there if the visitor has come through Cloudflare.
 * If the request does not have it, this is direct access and should be redirected to the host name.
 */
function lgr_cflocation_check() {
    // The country header is added by Cloudflare. If it is not there, this is direct IP access and needs to be redirected.
    // empty() avoids an "undefined index" notice when the header is missing.
    if ( empty( $_SERVER['HTTP_CF_IPCOUNTRY'] ) ) {
        // Send them to the full URL, which should add it.
        header( 'Location: ' . home_url() . $_SERVER['REQUEST_URI'] );
        die();
    }
}
add_action( 'init', 'lgr_cflocation_check' );

If you are having problems with direct access to your website through the IP address this might help you.
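
A stricter variant of the check above, as an added example that is not the original post's code: CF-IPCountry is an ordinary request header, so its presence alone does not establish where a request came from, and this version also requires the connecting address to be inside Cloudflare's ranges. The three-entry range list is a constructed sample and the function names are hypothetical; it assumes the origin sees Cloudflare's edge address in REMOTE_ADDR and handles IPv4 only.

```php
<?php
// Added example, not the original post's code.
// Constructed excerpt of Cloudflare IPv4 ranges; load the full, current list
// from Cloudflare's published IP ranges in production (assumption: IPv4 only).
function lgr_cf_ranges_sample() {
    return array( '173.245.48.0/20', '103.21.244.0/22', '104.16.0.0/13' );
}

// True when the IPv4 address $ip falls inside the CIDR block $cidr.
function lgr_ipv4_in_cidr( $ip, $cidr ) {
    list( $subnet, $bits ) = explode( '/', $cidr );
    $ip_long     = ip2long( $ip );
    $subnet_long = ip2long( $subnet );
    if ( false === $ip_long || false === $subnet_long ) {
        return false; // Not IPv4; this sketch does not handle IPv6 peers.
    }
    $mask = -1 << ( 32 - (int) $bits );
    return ( $ip_long & $mask ) === ( $subnet_long & $mask );
}

// Both conditions must hold: header present AND peer is a Cloudflare address.
function lgr_came_via_cloudflare( array $server, array $ranges ) {
    if ( empty( $server['HTTP_CF_IPCOUNTRY'] ) || empty( $server['REMOTE_ADDR'] ) ) {
        return false;
    }
    foreach ( $ranges as $cidr ) {
        if ( lgr_ipv4_in_cidr( $server['REMOTE_ADDR'], $cidr ) ) {
            return true;
        }
    }
    return false;
}

if ( function_exists( 'add_action' ) ) {
    // Inside WordPress: same redirect as the post, with the stricter test.
    add_action( 'init', function () {
        if ( ! lgr_came_via_cloudflare( $_SERVER, lgr_cf_ranges_sample() ) ) {
            header( 'Location: ' . home_url() . $_SERVER['REQUEST_URI'] );
            exit;
        }
    } );
} else {
    // Stand-alone run with constructed requests (203.0.113.9 is a documentation address).
    $via_cf = array( 'HTTP_CF_IPCOUNTRY' => 'CA', 'REMOTE_ADDR' => '104.16.1.1' );
    $direct = array( 'HTTP_CF_IPCOUNTRY' => 'CA', 'REMOTE_ADDR' => '203.0.113.9' );
    var_dump( lgr_came_via_cloudflare( $via_cf, lgr_cf_ranges_sample() ) );
    var_dump( lgr_came_via_cloudflare( $direct, lgr_cf_ranges_sample() ) );
}
```

Restricting the origin's firewall to the same ranges enforces this before PHP runs at all; the application-level check is a second layer.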

ClassicPress Compatible with Cloudflare Automatic Platform Optimization

I am a big fan of Cloudflare, if you had not known that by my previous posts on them. On Friday October 10 2020, during their Birthday week celebration announcements, they released a new feature called Automatic Platform Optimization. This new feature is targeted specifically at WordPress users, which is understandable, WordPress websites account for… Continue Reading

CloudGuard

It was not long ago that I was looking for a way to block visitors from some countries on some of my clients' websites. The sites really only needed to be accessible from North America and did not need to be exposed to the extra visitors, bandwidth and possible hackers that might just want to… Continue Reading

Spam, Spam and More Spam

As long as there has been the ability to leave comments on websites there has been spam. I recall creating a guestbook for a client once and even though the guestbook used a captcha it did not take long before it started to become overwhelmed with spammy comments. Fighting spam has become so difficult in… Continue Reading

WordPress Brute Force Attack

There have been reports that a distributed attack is going on trying to brute force WordPress websites. If you run a WordPress website you should be aware that your site might come under attack. I have noticed one site that is managed by me come under attack in the last 24 hours and it has… Continue Reading

The Need For Speed

I have talked about different methods to speed up your website in the past. Enabling GZip, using external files for CSS and JavaScript and signing up for Cloudflare are all great methods to help speed up your website. It is becoming more important all the time in the eyes of search engines (particularly Google)… Continue Reading

Cloudflare

Having a reliable and fast serving website is essential today. You can have the best website in the world but if it is not up when people are trying to load it then there is not much point. Not to mention how important it is to have a fast loading website. Having a content delivery… Continue Reading
