Block IPs who scan for .ENV files?

Is there a way to permanently block IPs that scan for .env files? Clearly these are bad actors. Is there a way to block any scans containing “.env”. I have CF Pro.

There’s no automated way to do this within the Cloudflare dashboard. Not only that, but bad actors cycle through IP addresses. Your permaban list would grow like crazy and be mostly useless.

I just create a firewall rule that blocks access to the typical files attackers are looking for. Their efforts are futile, but I don’t want them wasting my resources.

The problem is then I have to keep monitoring their attacks and adding to that rule. I am trying to make this as automated as possible. If they have to change IPs because of a 429 block it would be much more difficult for them to continue the attacks as opposed to a simple request and then try another one…

This topic was automatically closed after 30 days. New replies are no longer allowed.