In this video I describe how an attacker may be able to bypass cloudflare restrictions by finding the IP address of the origin server. There are 2 fixes that can be done:
1) Request a new IP address from your provider (VPS, Internet service)
2) Block access to port 80,443 from non cloudflare origins
Number 2 must be done to ensure the fix is permanent. However, if you feel your need assistance in resolving this or any other security issue please contact me:
info@ljcybersolutions.uk
Update: I know I went swiftly passed the solution for step 2, however, every infrastructure is different please reach out to me above and we can discuss the details.