Cloudflare’s Security Protections Vulnerabilities

To mitigate this issue, users should use custom certificates. As for the Allowlist Cloudflare IP Addresses tool, attackers can create a Cloudflare account, point their own domain's DNS A record at the victim's origin server IP address, and turn off all protection features for that domain. This lets them route malicious traffic through Cloudflare's infrastructure, so that, from the victim's perspective, it arrives from Cloudflare's allowlisted IP ranges and appears to be legitimate traffic.
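The two origin-side configurations below, added here as an illustration and not taken from the article or from Cloudflare's documentation, contrast the weak pattern the research describes (trusting Cloudflare's shared origin-pull CA plus its published IP ranges) with the suggested mitigation of a customer-controlled client certificate; all file paths, the hostname and the fingerprint value are assumptions or placeholders.

```nginx
# Weak: the origin accepts any client that arrives from a published Cloudflare range
# and presents the client certificate Cloudflare uses for every customer.
# Another Cloudflare tenant pointing a zone at this origin satisfies both checks.
server {
    listen 443 ssl;
    server_name example.com;                       # placeholder hostname
    ssl_certificate     /etc/nginx/tls/origin.crt; # assumed paths
    ssl_certificate_key /etc/nginx/tls/origin.key;

    ssl_client_certificate /etc/nginx/tls/cloudflare-origin-pull-ca.pem; # shared CA
    ssl_verify_client on;

    allow 173.245.48.0/20;   # one published Cloudflare range; the list is not a tenant identity
    deny  all;
}

# Hardened: per-hostname Authenticated Origin Pulls with a CA the site operator controls,
# and the uploaded leaf certificate pinned by fingerprint, so only this tenant's zone
# can complete the TLS handshake regardless of which Cloudflare IP the request uses.
map $ssl_client_fingerprint $cf_pull_cert_ok {
    default 0;
    "0123456789abcdef0123456789abcdef01234567" 1;  # placeholder SHA-1 of your uploaded cert
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/nginx/tls/origin.crt;
    ssl_certificate_key /etc/nginx/tls/origin.key;

    ssl_client_certificate /etc/nginx/tls/my-origin-pull-ca.pem; # CA you issued yourself
    ssl_verify_client on;
    ssl_verify_depth 1;

    # Reject a valid chain whose leaf is not the certificate you uploaded to Cloudflare.
    if ($cf_pull_cert_ok = 0) {
        return 403;
    }

    # With a dedicated egress range (e.g. Cloudflare Aegis) the allowlist can be narrowed
    # to that range instead of the shared public list; keep it as defence in depth only.
    allow 203.0.113.0/24;    # documentation-range placeholder for a dedicated egress range
    deny  all;
}
```

Rotate the pinned fingerprint together with the uploaded certificate, otherwise legitimate Cloudflare pulls are rejected after renewal.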

The researcher suggests using Cloudflare Aegis, which provides a more specific egress IP address range dedicated to each customer, to address this issue.