Block IP completely if it triggers another Security rule?

We have the following case:

We use a WAF Security rule to prevent vulnerability scanning attacks, for example on wp-admin paths.
Unfortunately, it’s not possible to list all possible cases that the attackers use (they often also bomb our API endpoints, etc)

Is it possible to have a rule in Cloudflare saying:
If particular IP address violates rule ABC then block it off completely?

Other than rate limiting, the WAF is stateless so each request is evaluated in isolation.

You can implement your own logic as we do that detects abuse at the origin (excess 403s and 404s, bad or protected URLs requested, etc) and then updates a list linked to by a WAF rule using the API to challenge/block the IP or ASN.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.