I have two WAF rules:
Blocked Countries (Action = Block)
(not ip.geoip.country in {“AU” “IN” “IE” “NZ” “PH” “GB” “US” “CA”} and not cf.client.bot)
WP Login (Action = Managed Challenge)
(http.request.uri.path contains “wp-login”)
When I look at the activity of the WP Login rule, I there are 40 records in the last 24 hours, all from the countries that aren’t blocked.
The CSR for WP Login is 0%. I believe this means these are bots unknown to Cloudflare that fail the WP Login Managed Challenge.
Am I correct?
Thanks,
John