Block bot and IP traffic

We need to stop a IP from hitting our server we are under attack from rogue IP bot

Hi there,

To block a specific single IP, IMO the easiest way would be to create a custom WAF rule by going to Security > WAF > + Create Rule, and creating something like this:

Related documentation:
Create custom rules in the dashboard · Cloudflare Web Application Firewall (WAF) docs.

Take care.

1 Like

we have an excessive traffic that is a bot and not real humans how do we stop that

this is not real people

now we need to neutralize the target

please find the IP that is hitting this site 50000 times in last 24 hrs

Hi there,

If you’re actively under attack, my advice is that the 1st thing you should do is go on your security settings and enable I'm Under Attack:

To better detect/block automated traffic, go to Security > Bots > Configure Super Bot Fight Mode, set Definitely automated to Block and enable JS detections.

Consider also updating your managed rules to the latest version gong to Security > WAF > Managed rules > Review configuration, then enable Cloudflare Managed Ruleset and press Deploy.

As an end note, updating to the new analytics will help you better understand traffic hitting your zone. Update it in Analytics & Logs > Traffic and press Try our new Web Traffic analytics:

Take care.

Please stop the unwanted bots. The bots are using many IP address, how does the firewall stop bots? we need a rule to stop bots and only want USA traffic, we have team in India and phillipines

You can use the tools that @mcorreia shared to identify the defining characteristics of the unwanted traffic. Those traits can the be use to write and deploy firewall policies that meet your needs.

Our website won’t load now since we took off under attack mode
Please find solution on why site won’t load now

We reset permalinks site loads. Please make sure we have cloudlare waf ans stop unwanted bots

This is a list of Cloudflare rules I use, which includes some data center ASNs, and it might be helpful to you.

(ip.geoip.asnum in {12816 12786 18450 197540 24961 26496 35908 46606 54600 60068 22773 18978 7922 61317 6079 397391 46562 22616 26347 45916 22394 202594 40676 398101 396362 6167 54290 135981 21686 7303 138997 22418 140224 46475 20001 43959 41378 29802 10013 9824 4766 209 43260 7565 40676 3786 28438 13287 3786 24641 7925 62041} and not or (ip.geoip.asnum in {14061 20473 2914 16276 24940 8100 45102 36352 135377 63949 54994 3462 35908 8075 12876 14618 16276} and not

At the same time, you can use the IP list feature to block IPs you consider threatening, turn on the automatic bot attack mode Cloudflare bot solutions
, enable the ‘Under Attack’ switch when necessary. You can also use WAF rules to manage challenges for visitors from non-main service areas.

Please note that this response has been partially machine-translated and may contain inaccuracies. Thank you for your understanding.

1 Like

Hi there,

You’re asking for solutions but are not willing to follow advice.
From all the advice I gave you, the only thing you did was enable IUAM, which is fine when an attack is in progress, but you can’t expect WAF to block automated traffic if you have it set to allow.

Also, there are new signatures that might help in the new managed rules:

And risking repeating myself, the new analytics are a great tool to have enabled that will allow you to better analyze the traffic hitting your zone overall. It’s included in your current plan at no cost, so there’s no downside in enabling it.

Take care.