I am trying to find a way to block the incoming IP if the URI contains a certain pattern.
Ideally, I would like to block the IP for x amount of time.

The idea is if the IP is trying to access something like /.env or *.sql, etc then we should block them as those assets should never be accessed by a legit user. Since IPs change a lot I would prefer to not block the IP forever, but for some time like 1 day, 1 hour, etc.

Is this possible with Cloudflare?

The only way I can see to block an IP for x amount of time is with Rate Limiting rules, but that will only block for that URI only. I want to block the IP if they try and make other requests. Often I see bad users trying tons of URIs to see what they can find on the server.


Apart from rate limiting (of which the features are fairly basic on the lower plans), the WAF is stateless and handles each request on its own.

After blocking a number of request types at the WAF, we handle this sort of thing by having a Cloudflare list…

…which is used in a block or challenge rule in the WAF.

The list is updated using the Cloudflare API from code on our origin with IP addresses that hit our origin in a bad way (too many 403s or 404s over certain intervals) and those IPs can be expired and removed from the list automatically a certain time later.
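An added example (not the answerer's own code) of the origin-side half of that setup: it scans constructed access-log lines for IPs with too many 403/404s in a sliding window, then builds the Cloudflare Lists API requests that add those IPs and later delete the ones whose recorded expiry has passed. Because list items carry no native TTL, the expiry is stored in each item's comment. The account id, list id, log lines and "current time" are constructed placeholders, and the requests are only built, not sent.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

API = "https://api.cloudflare.com/client/v4"
NOW = datetime(2024, 5, 10, 12, 1, tzinfo=timezone.utc)   # constructed "current time"
# Constructed sample access-log lines (combined log format); not taken from the post.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:12:00:01 +0000] "GET /.env HTTP/1.1" 403 153
203.0.113.7 - - [10/May/2024:12:00:02 +0000] "GET /backup.sql HTTP/1.1" 404 196
203.0.113.7 - - [10/May/2024:12:00:03 +0000] "GET /wp-login.php HTTP/1.1" 404 196
203.0.113.7 - - [10/May/2024:12:00:04 +0000] "GET /admin HTTP/1.1" 403 153
198.51.100.9 - - [10/May/2024:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.9 - - [10/May/2024:12:00:06 +0000] "GET /missing HTTP/1.1" 404 196
"""
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def find_offenders(log_text, threshold=3, window=timedelta(minutes=5)):
    """{ip: peak hits} for IPs that produced >= threshold 403/404s inside a sliding window."""
    recent, offenders = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group(3) not in ("403", "404"):
            continue
        ip, ts = m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:          # forget hits older than the window
            q.popleft()
        if len(q) >= threshold:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders

def add_items_request(account_id, list_id, ips, now=NOW, ttl=timedelta(hours=1)):
    """POST to the Lists API that appends IPs; the expiry lives in the item comment."""
    expires = (now + ttl).isoformat(timespec="seconds")
    items = [{"ip": ip, "comment": f"auto-block expires={expires}"} for ip in sorted(ips)]
    return {"method": "POST",
            "url": f"{API}/accounts/{account_id}/rules/lists/{list_id}/items", "json": items}

def delete_expired_request(account_id, list_id, items, now=NOW):
    """From items returned by GET .../items (id + comment), build the DELETE call that
    removes the ones whose recorded expiry has passed; None when there is nothing to do."""
    expired = []
    for it in items:
        m = re.search(r"expires=(\S+)", it.get("comment", ""))
        if m and datetime.fromisoformat(m.group(1)) <= now:
            expired.append({"id": it["id"]})
    if not expired:
        return None
    return {"method": "DELETE",
            "url": f"{API}/accounts/{account_id}/rules/lists/{list_id}/items", "json": {"items": expired}}
```

Run `find_offenders` over a log tail on a schedule, send the POST for new offenders, and run the GET/DELETE pass on the same schedule so entries fall out of the list once their window is over.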

