I have a website. It does not have phpMyAdmin, but I see (via the access log) someone trying to access /phpMyAdmin and many other sensitive URLs. I know - it’s a bot, it scans my website.
I need to automatically BLOCK this bot by IP address instantly when it hits some URL (e.g. */phpMyAdmin).
Can I do it?
Similar functionality is provided by the Rate Limit function. It works exactly as I expect if I configure it (1 hit per 1 minute, then block for 1 hour), BUT it blocks access ONLY to the specified URL, and I need to block by IP for the entire website.
Not that I’m aware of. Even if you could, you would need a way to eventually unblock that IP address, as you’ll end up with a very long list.
Having a website probed for vulnerabilities is normal, and if you blocked every IP address that probed every vulnerability, you’d end up with a very very long list.
Since you’ve checked your log and know it’s a bot, does it have a consistent User Agent string you can block? “User Agent Blocking” is a feature on the Cloudflare Firewall settings page.
Nothing built-in, no. The only thing you can play with to pattern match the access of certain paths is ‘Page Rules’ but that is nowhere near sophisticated enough to be able to use on its own to provide what you want.
As already mentioned you can block by user-agent if these bots are ‘obvious’ (e.g. they use cURL, say). However user-agent blocking only matches exact user-agent strings (no pattern-matching) so you end up needing multiple rules just to block the most common versions and variants on the usual script-kiddie tools.
That being said, it might be of use if you’re being targeted in some way.
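Added example, not part of any reply in this thread: one way to derive the block list at the origin from the access log, with the expiry the first reply asks for so the list does not grow without bound. It assumes combined log format and that the first field is the real visitor address (behind a proxy such as Cloudflare the origin must be logging the restored visitor IP); `active_blocks` and the sample lines are hypothetical.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# "*/phpMyAdmin" from the question: the path segment at any depth, any letter case.
TRAP = re.compile(r"(^|/)phpmyadmin(/|$)", re.IGNORECASE)
# Combined/common log format: client, ident, user, [time], "METHOD path ..."
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')
BLOCK_FOR = timedelta(hours=1)  # the block length the question asks for

def active_blocks(lines, now, ttl=BLOCK_FOR):
    """Map each IP that requested a trap path to its block expiry, dropping expired blocks."""
    blocks = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # malformed line
        ip, stamp, target = m.groups()
        try:
            ipaddress.ip_address(ip)  # reject anything that is not a literal address
            seen = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        if not TRAP.search(target.split("?", 1)[0]):
            continue
        expiry = seen + ttl
        if expiry > now:  # expired entries never enter the list, so it stays short
            blocks[ip] = max(expiry, blocks.get(ip, expiry))
    return blocks

# Constructed sample log lines (documentation address ranges), not taken from the thread.
SAMPLE = [
    '192.0.2.44 - - [10/Oct/2023:12:10:00 +0000] "GET /admin/phpmyadmin HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 404 153 "-" "curl/7.68.0"',
    '198.51.100.23 - - [10/Oct/2023:13:56:10 +0000] "GET /blog/phpmyadmin-tips?ref=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:58:02 +0000] "GET /PHPMYADMIN/ HTTP/1.1" 404 153 "-" "curl/7.68.0"',
]
NOW = datetime(2023, 10, 10, 14, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for ip, expiry in sorted(active_blocks(SAMPLE, NOW).items()):
        print(ip, "blocked until", expiry.isoformat())
```

The returned mapping can be fed to whatever firewall sits in front of the site; rerunning it on a schedule both adds new offenders and lets old ones age out.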