Blocking Autodiscover GET and POST requests using Cloudflare

Badly configured MS Exchange servers can flood your web logs with 404s from GET and POST requests for variations of autodiscover.xml.

Fortunately you can use the firewall rules to block it via simple regex or expressions. However, if you have used the Firewall Tools env to whitelist your client or office IPs and the exchange server is from the same range you will be wasting your time. Tools rules takes precedence. We had to remove the IP range whitelist from the old Tools section and add as the last rule in Firewall rules with a bypass for the WAF rules. The first rule blocks the GET and POST requests that matched autodiscover.xml (check your logs to make sure you capture the variations in your regex) and the last rule is ALLOW for the internal IP ranges. This means Admin users (of Drupal) can edit without getting blocked.

If you want more detail am happy to share rule details.

Hi. Do you still have the rule details? Thank you and best regards

1 Like