Block HTTP GET attack

Hi,

my wordpress website suffer form an HTTP attack of GET requests from different IP’s from multiple countries ( USA, Germany, Albania, Saudi Arabia…) stressing my server, currently I have enabled Under Attack Mode all these requests getting challenge my server load went down, but I can see on CF firewall the attack is still sending requests!

the attack requests targeting my root domain containing
Path: /
Query string: ?4712500

all requests containing same query string but with random numbers like
?6360084
?2772070
?6999402

is there any firewall rule to block this kind of query?

This firewall expression should work:
(http.request.uri contains "/?0") or (http.request.uri contains "/?1") or (http.request.uri contains "/?2") or (http.request.uri contains "/?3") or (http.request.uri contains "/?4") or (http.request.uri contains "/?5") or (http.request.uri contains "/?6") or (http.request.uri contains "/?7") or (http.request.uri contains "/?8") or (http.request.uri contains "/?9")

3 Likes

Brute force :smile:

:boxing_glove: :fire: with :fire:.

3 Likes

Hi sdayman,

thanks for your reply, the cloudflare firewall logs showing query strings ?5746244 the string does not contain =

should i use (http.request.uri contains “/?0”) or (http.request.uri contains “/?1”)
or I just use the one you mentioned?

Ok. Fixed.

1 Like

Bingo ! starts blocking immediately 260.83K !!!

2 Likes

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.