Blocking traffic originating from Facebook

Hello!

We seem to get a lot of traffic that says it comes from m.facebook.com or l.facebook.com, although I don’t know if it really does come from there. It comes from different “people” on different devices in different countries. I’m not sure if it is part of a bot network with infected devices.

For example:

11 Jun, 2021 10:00:48
JS Challenge
United States
2a03:2880:21ff:a::face:b00c
Firewall rules
11 Jun, 2021 10:00:48
JS Challenge
United States
2a03:2880:21ff:9::face:b00c
Firewall rules

Is there a way to challenge all Facebook traffic like this irrespective of country of origin?

People click on the Facebook post which could contain link to your webpage, then it points them to your webpage.

But, yes, sometimes we get some “external hits” by Facebook, either by crawler, or Debug/share tool or some otherway.

Interesting, all the requests were challenged?, and triggered by Firewall and shown up at Firewall events at you.

You can block or challenge the whole Facebook by it’s AS number creating an Firewall rule with action “challenge” for it’s AS number, but maybe it was some proxy or a tool made by Facebook?

I assume you would see the real IP addresses from visitors, and not the proxy of Facebook or something like that.

1 Like

Thanks for the reply. I’ll look into your AS number suggestion.

I don’t believe it is genuine traffic, so not people following a link to our site from Facebook. I think it’s a way of making the traffic look less suspicious.

I think it is being challenged because of country rule at moment.

1 Like

Or if you have some other information, like which HTTP version and which User-agent was it in Firewall events, you can block that traffic by that specific criteria.

Possible, yes.

1 Like