cloudflare · pedrosousa · Oct 14, 2024 · Oct 14, 2024 · Oct 14, 2024 · Oct 14, 2024
@@ -91,6 +91,34 @@ Block Amazon Web Services (AWS) and Google Cloud Platform (GCP) because of large
 
 If you have [SSL/TLS certificates](/ssl/) managed by Cloudflare, every time a certificate is issued or renewed, a [domain control validation (DCV)](/ssl/edge-certificates/changing-dcv-method/dcv-flow/) must happen. When a certificate is in `pending_validation` state and there are valid DCV tokens in place, some Cloudflare security features such as [custom rules](/waf/custom-rules/) and [WAF Managed Rules](/waf/managed-rules/) will be automatically disabled on specific DCV paths (for example, `/.well-known/pki-validation/` and `/.well-known/acme-challenge/`).
 
+### Understanding Why Cloudflare Blocks IP Addresses
+
+1. **Security Measures**:
+- **Web Application Firewall (WAF)**: Cloudflare uses a WAF to protect websites from various online threats, including malicious traffic, DDoS attacks, and common vulnerabilities. If your IP address is associated with suspicious or malicious activity, it might trigger the WAF and lead to blocking.
+- **High Security Settings**: The website owner might have set their Cloudflare security settings to a high level, making the filtering of incoming traffic stricter. This could cause even legitimate users to be blocked or face challenges.
+
+2. **Rate Limiting**:
+- **Excessive Requests**: Cloudflare may block an IP address if it detects an unusually high number of requests in a short period. This is a protective measure against potential abuse or attacks.
+
+3. **Malicious Bot Detection**:
+- **Bot Traffic**: Cloudflare employs bot detection mechanisms to distinguish between legitimate users and automated bots. If your IP behaves like a malicious bot, it could be blocked.
+
+4. **IP Reputation**:
+- **Blocklisted IPs**: Cloudflare might block IP addresses listed on public blocklists due to their association with known malicious activities.
+
+**What to Do if Your IP is Blocked?**
+
+1. **Check Cloudflare Security Events**: Cloudflare provides a Security Events log where you can check for specific reasons your IP might be blocked. Look for details on the type of threat or activity that triggered the block.
+
+2. **Contact Website Owner**: If you are a legitimate user and your IP is wrongly blocked, contact the website owner or administrator. They may be able to allowlist your IP or investigate the issue further.
+
+3. **Verify Your Own Website Traffic**: Check for Abnormal Activity. If you manage a website behind Cloudflare, ensure that your site’s traffic is legitimate and not triggering security measures inadvertently.
+
+4. **Check Your IP Reputation**: Verify whether your IP address is listed on public blocklists (e.g. projecthoneypot.org)	. If so, take steps to address any issues that may have led to the listing.
+
+5. **Adjust Security Settings**: If you’re a website owner using Cloudflare, consider adjusting security settings to find the right balance between protection and accessibility.
+
+
 ## Bots
 
 ### How does the WAF handle traffic from known bots?
@@ -146,4 +174,4 @@ Make sure you are looking at the correct request.
 
 Only requests that triggered a challenge will match the request parameters of the rule. Subsequent requests with a `[js]challengeSolved` or `[js]challengeFailed` action may not match the parameters of the rule — for example, the bot score may have changed because the user solved a challenge.
 
-The "solved" and "failed" actions are informative actions about a previous request that matched a rule. These actions state that "previously a rule had matched a request with the action set to *Interactive Challenge* or *JS Challenge* and now that challenge was answered."
+The "solved" and "failed" actions are informative actions about a previous request that matched a rule. These actions state that "previously a rule had matched a request with the action set to *Interactive Challenge* or *JS Challenge* and now that challenge was answered."