Account-Wide Firewall Rules

This would be great to have. At the moment, I’m blocking all XMLRPC.php bot requests, and need to do this site by site with the following expression:

(not ip.src in {122.248.245.244/32 54.217.201.243/32 54.232.116.4/32 192.0.80.0/20 192.0.96.0/20 192.0.112.0/20 195.234.108.0/22 192.0.96.202/32 192.0.98.138/32 192.0.102.71/32 192.0.102.95/32} and http.request.uri.path contains “xmlrpc.php”)

It would be great to simply input this in a single account-wide setting.

Thank you.

I use a bigger hammer. I track down the ASN of those because it’s usually a VPS host that shouldn’t be hitting my site. And then block it for all domains. But I do agree. I have a hefty firewall expression that I copy/paste to many of my domains.

Funny thing, though. The Allow/Deny firewall tool is the only account-wide setting I can readily think of. All other settings are per-zone only.

1 Like

Ip lists came out last week and that might help? So your rule could be if ip in list.

I don’t think the IP lists can be combined with specific URL’s yet.