Hello. Instead of updating my Block Bad Bots firewall rule list with new bots every now and then (maximum expression size is 4096), I was wondering if there’s a rule that only allows specified good bots and blocks all other bots just like the way you would set one IP address to access your WP-Admin area.
There is an option
cf.client_bot which can be used in a Firewall Rule, and the list of “good” and “known” bots can be found at the link below → contains few examples, take a look:
Either use a Page Rule to set “Security Level: High” for WordPress admin area (correctly wp-login.php).
Browser Integrity Check option for your website.
Make sure your DNS records are proxied and set to .
Furthermore, you can block some user-agents, crawlers, etc., there are few I would recommend to add to your
Firewall Rules , like the posted here:
Using Firewall → Tools → IP Access Rules you can block some know “bad” ASN:
In terms of securing your Website by using Cloudflare, there are multiple ways to achieve this, and there are some differences between the Plan you are using.
As far as I see you are using WordPress, kindly may I suggest below article as it cointains really good examples and external sources:
Therefore, some Firewall Tips are published here:
Using the search :
May I suggest below article for more useful information:
What about these GitHub - SukkaW/cloudflare-block-bad-bot-ruleset: Block malicious crawlers with Cloudflare Firewall Rules and apache-ultimate-bad-bot-blocker/bad-user-agents.list at master · mitchellkrogza/apache-ultimate-bad-bot-blocker · GitHub
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.