Block IP or machine with over "x" attempts per minute


I need your help. Several times a day a bot or pre-programmed routine goes through our site slowing it down. I want to create a rule that will block or challenge the machine that is doing it for “x” time or completely if it exceeds “x” per minute. Is rate limiting the only way to do this? We don’t have that available with our basic plan so I am wondering if there is any other way to achieve this or something fairly similar.

Thank you in advance

If you know the IP, you can simply drop/reject or do “block” (action) using Firewall rules at the Cloudflare dashboard.

If the host is accessing something, like a URI path, or has some query string or something else, you can even restrict by the IP and that too.

Rate Limiting is also a good option, but it can be exceeded if the host makes a lot of attempts or requests.

Cloudflare Firewall rules also only protect the hostname which is orange-clouded (proxied by Cloudflare). If someone bypasses the proxy and goes directly to your server’s IP address, then you should look after your iptables and block the IP directly at your origin/host.

I don’t know the IPs because unfortunately they show up as 2a01, 2a06, 2a07, etc.

Where do they show up? At Cloudflare Firewall Dashboard or at your origin/host log files?

Do you mean just a part of IPv6 address or the full (shortened) IPv6 address, or some other unknown User-Agent?

Do you have some query part or a part of the URI path where the bot goes or which it triggers by its routine, by which you could block the oncoming requests using the Cloudflare Firewall Rules?

Have you got Bot Fight Mode (under Firewall → Tools) and Browser Integrity Check (under Firewall → Settings) option enabled at Cloudflare dashboard?

Thank you for your reply.

They show up at my website’s internal “online visitors” screen.

Unfortunately the full IP is not displayed, only something like 2a01, 2a06, etc.

I thought of this but it’s too general to be able to create a rule right now (*)

Yes, I have got Bot Fight Mode on. But if this is being done using Selenium or Marionette where you can program the browser then technically speaking, I don’t think Cloudflare would detect it unless I start challenging everyone.

Is there a section in Cloudflare where I can see the IPs of all the requests being made? This way, if I see the IP in Cloudflare, I can simply just block it manually and that will stop it for the time being. Yes, they can get rotating IPs but at this point Cloudflare is more likely to spot it. I couldn’t find a location in the dashboard where I can see the IPs of all the requests, only the IPs blocked, but since this one is not being blocked, I can’t find it.
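An added example, not part of any post in this thread: one way to find the clients exceeding "x" requests per minute from the origin's own access log, grouping IPv6 visitors by /64 so that an address rotating inside one prefix is still counted as one client. It assumes a combined-format access log whose first field is the visitor's address; the sample lines, the function names and the limit are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (documentation address ranges), combined log format.
SAMPLE_LOG = """\
2001:db8:a:1::10 - - [12/Mar/2021:10:15:01 +0000] "GET /item/1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2021:10:15:03 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0"
2001:db8:a:1::10 - - [12/Mar/2021:10:15:05 +0000] "GET /item/2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
2001:db8:a:1::abcd - - [12/Mar/2021:10:15:09 +0000] "GET /item/3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
2001:db8:b:2::1 - - [12/Mar/2021:10:15:10 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0"
2001:db8:a:1::abcd - - [12/Mar/2021:10:15:20 +0000] "GET /item/4 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2021:10:15:30 +0000] "GET /about HTTP/1.1" 200 700 "-" "Mozilla/5.0"
2001:db8:a:1::abcd - - [12/Mar/2021:10:15:41 +0000] "GET /item/5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
2001:db8:a:1::10 - - [12/Mar/2021:10:16:02 +0000] "GET /item/6 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
not a log line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def client_key(addr):
    """Map an address to the network it is counted under: /64 for IPv6, /32 for IPv4."""
    ip = ipaddress.ip_address(addr)
    prefix = 64 if ip.version == 6 else 32
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def offenders(log_text, limit):
    """Return {network: peak requests in one calendar minute} for clients above `limit`."""
    per_minute = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        try:
            key = client_key(m.group(1))
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # unparsable address or timestamp
        per_minute[(key, ts.replace(second=0))] += 1  # fixed one-minute buckets
    peaks = {}
    for (key, _minute), count in per_minute.items():
        if count > limit:
            peaks[key] = max(count, peaks.get(key, 0))
    return peaks

if __name__ == "__main__":
    for network, peak in offenders(SAMPLE_LOG, limit=3).items():
        print(f"{network} peaked at {peak} requests/minute")
```

The buckets are calendar minutes rather than a sliding window, so a burst that straddles a minute boundary is split across two counts.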

