Block IPs for an extended period on firewall rule match

I have a website that is frequently targeted by attackers. I have a couple of firewall rules that are able to accurately detect such attackers, but this motivates the attackers keep changing headers or protocols in an attempt to get around them, and they are sometimes successful in doing so.

Is there a way I can block the attackers on the first firewall rule match, for an extended period?

This is possible with Workers if you implement your own detection mechanism in javascript and call this Cloudflare API, however that might get expensive depending on the routes you want to protect and your request volume. This isn’t a built-in feature.

1 Like