Block all countries besides mine but allow Google bots

What is the name of the domain?

example.com

What is the issue you’re encountering

I have created the following WAF rule but I just can’t seem to figure out how to allow known & good bots from accessing the site. Mainly, I need Google bot to be able to access it without any issues. This is my rule: (not cf.client.bot and ip.geoip.country ne “ZA”). What changes should I make to this rule to make it work properly? Basically, I get a ton of what appears to be spam like traffic from US/RU and other regions. Therefore, I want to challenge all requests from other countries but allow the good bots. It would also be better if I can sort of add something that check the threat score and then challenges the request if the user is outside my country.

You can refer to this example and adjust it based on your needs.

1 Like

This is perfect and exactly what I needed. Thank you so much.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.