🛡️ NeetoDeploy Edge Spike — neeto-deploy-web #7439

spike.crushit.cafe
you are 216.73.217.13 · Columbus, Ohio, US · served by Cloudflare colo CMH · ray a185f6170e423488-CMH
How this request reached me

You216.73.217.13
Cloudflare edgeTLS + WAF · CMH
Locked NLBSG: Cloudflare-only 🔒
Traefiktraefik-spike-7cc8b4c7fc-p6q98
This appspike-app-798d894cb7-h4szk

Hitting the NLB directly (bypassing Cloudflare) times out — its security group only admits Cloudflare’s published IP ranges. That is the point of this spike.

Active WAF rules on this hostname (zone: neetodeployapp.com, plan: Pro, scoped to *.crushit.cafe)

RuleMatchesActionTry it
Query blockquery contains "waftest"block (403)GET /?waftest=1
Path blockpath starts with "/admin"block (403)GET /admin
Bad botuser-agent contains "BadBot"block (403)curl -A "BadBot/1.0" https://spike.crushit.cafe/
Rate limitmore than 10 requests in 10s from one IPblock 60s (429)refresh this page 10+ times quickly
Request headers as they arrived here

Hostspike.crushit.cafe
User-AgentMozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; [email protected])
Accept*/*
Accept-Encodinggzip, br
Cdn-Loopcloudflare; loops=1
Cf-Connecting-Ip216.73.217.13
Cf-IpcityColumbus
Cf-IpcontinentNA
Cf-IpcountryUS
Cf-Iplatitude39.96118
Cf-Iplongitude-82.99879
Cf-Metro-Code535
Cf-Postal-Code43215
Cf-Raya185f6170e423488-CMH
Cf-RegionOhio
Cf-Region-CodeOH
Cf-TimezoneAmerica/New_York
Cf-Visitor{"scheme":"https"}
X-Forwarded-For216.73.217.13, 104.23.243.80
X-Forwarded-Hostspike.crushit.cafe
X-Forwarded-Port443
X-Forwarded-Protohttps
X-Forwarded-Servertraefik-spike-7cc8b4c7fc-p6q98
X-Real-Ip104.23.243.80