romainmarcoux / malicious-ip

Aggregation of lists of malicious IP addresses, to be blocked in the WAN > LAN direction, integrated into firewalls: FortiGate, Palo Alto, pfSense, IPtables
https://www.linkedin.com/in/romainmarcoux/

Your list is blocking Cloudflare IPs! #1

Closed mahmoud1973 closed 5 months ago

mahmoud1973 commented 5 months ago

Hi, thanks for your efforts, but your list contains Cloudflare IPs. If you don't add filtering for Cloudflare IP ranges, then the list will be totally useless.

romainmarcoux commented 5 months ago

Thank you for your support and feedback. Cloudflare IPs are now whitelisted.

romainmarcoux commented 5 months ago

Potential explanation: some honeypots are poorly configured and they identify, as malicious traffic, traffic that is in fact return packets from their internal clients. This is why I have done and continue to do enormous statistical and analytical work to identify these false positives, which are fortunately a very small minority.

mahmoud1973 commented 5 months ago

> Potential explanation: some honeypots are poorly configured and they identify, as malicious traffic, traffic that is in fact return packets from their internal clients. This is why I have done and continue to do enormous statistical and analytical work to identify these false positives, which are fortunately a very small minority.

For all sites using Cloudflare as a reverse proxy, all incoming traffic is routed through Cloudflare's servers. This means that all server logs will show Cloudflare IP addresses instead of the actual client IP addresses.

That's why it's completely normal to see Cloudflare IP ranges blocked all around IP lists. It's extremely important to whitelist all Cloudflare IP ranges.
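The allowlisting step discussed in this thread, as an added example that is not part of the thread or the project's own code: it removes allowlisted ranges from an aggregated blocklist, including the case where a blocked CIDR only partly overlaps an allowlisted one. The function names are hypothetical, and the documentation ranges in the sample data are constructed stand-ins for the ranges a CDN provider such as Cloudflare publishes.

```python
import ipaddress

def parse_networks(lines):
    """Parse IPs/CIDRs, ignoring blanks and '#' comments. Returns (networks, rejected)."""
    networks, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(raw)  # surface bad feed lines instead of dropping them silently
    return networks, rejected

def subtract(block, allow):
    """Return the parts of `block` that `allow` does not cover."""
    if block.version != allow.version or not block.overlaps(allow):
        return [block]  # unrelated ranges: keep the entry unchanged
    if block.subnet_of(allow):
        return []  # fully inside the allowlist: drop it
    return list(block.address_exclude(allow))  # allow sits inside block: carve it out

def filter_blocklist(block_lines, allow_lines):
    """Return (kept, affected, rejected): the cleaned blocklist, the original
    entries that touched the allowlist, and lines that failed to parse."""
    blocks, rejected = parse_networks(block_lines)
    allows, _ = parse_networks(allow_lines)
    kept, affected = [], []
    for block in blocks:
        parts = [block]
        for allow in allows:
            parts = [p for net in parts for p in subtract(net, allow)]
        if parts != [block]:
            affected.append(str(block))  # worth logging: points at a noisy source feed
        kept.extend(parts)
    collapsed = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        collapsed += ipaddress.collapse_addresses(n for n in kept if n.version == version)
    return [str(n) for n in collapsed], affected, rejected

# Constructed sample data (RFC 5737 / RFC 3849 documentation ranges, not real provider ranges).
ALLOW = ["203.0.113.0/24", "192.0.2.128/25", "2001:db8::/32"]
BLOCK = ["203.0.113.7", "198.51.100.0/24", "192.0.2.0/24  # partial overlap",
         "not-an-ip", "2001:db8::1"]

if __name__ == "__main__":
    kept, affected, rejected = filter_blocklist(BLOCK, ALLOW)
    print("kept:", kept)
    print("affected:", affected)
    print("rejected:", rejected)
```

Reviewing the affected entries before each publish shows which upstream feeds keep reporting proxy addresses.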