Blocking irrelevant countries to protect my site with WAF

Recently, like many others, I’ve been having issues with AdSense. Initially, they said I had invalid clicks, but who knows what the actual problem is.

Because of this, I took a closer look at traffic on my websites and noticed traffic from Indonesia on one site.

Due to AdSense, but also generally, I want to block irrelevant traffic. The only concern I have is potentially blocking search bots from Google and Microsoft (Bing).

I am located in an EU country, and my traffic is from this country and two neighboring countries.

In my WAF, I currently have the following blocking rules set up.

continent Asia OR country<>‘Japan’

continent = ‘Africa’ OR continent = ‘South America’ OR continet = ‘Tor’ continet = ‘Antartica’

country = ‘Russia’

Am I missing something or should do something else?

Thank you

P.S. There might be similar topic but I think there will be searches with keyword ‘AdSense’ and ‘invalid clicks’ so this topic might be usefull to the others

Hi there,

You could simply use a rule like this:


The expression I used was:
(not ip.geoip.country in {"FR" "IT" "PT" "ES" "DE"} and not cf.client.bot)

This basically blocks all traffic except if the origin IP comes from France, Italy, Portugal, Spain, or Germany or if it’s a known trusted bot.
Use it as a template and change for the countries you wish to allow.

Note that this rule won’t explicitly allow those countries through your firewall, instead it will block the ones not listed there, but the ones listed there will still have to go through all the firewall components, so your website will remain protected.

Btw, here you can find the list of Cloudflare verified bots:
https://radar.cloudflare.com/traffic/verified-bots

Take care.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.