Challenge traffic from country unless organic

Hey All,

I had suss traffic last few days from countries that I may get legit 20 to 100 hits a day from Google/bing compared to my regular u.s traffic.

One country majority wasn’t organic and clicked bombed some ads, so I would like to javascript all visitors from a country unless from Google or whatever other search engines.

I would think using the referrer be the best solution, but do I add google, for example, or is it case sensitive? Along with adding any other info?

Would something like this work? using my country as an example.

(ip.geoip.country eq “AU” and http.referer contains “bing” and not cf.client.bot) or (ip.geoip.country eq “AU” and http.referer contains “google” and not cf.client.bot)

If so, is it possible to clean it up, instead making multiple rules for each country to whitelist google, bing, yahoo, yandex, baidu can I do it with an expression in one hit?

Thanks

You can cluster all the countries in a “Is In” list. But if that’s a JS Challenge rule, then you’ll be challenging anybody coming from bing or google. And “referer” should be lower case only, as it’s a URL.

Thanks for the country tip, did not think of that :slight_smile:

(ip.geoip.country in {“AU” “NZ”} and not cf.client.bot and not http.referer contains “google”)

Tested as I am from AU, sadly was getting challenged hitting my site off google, tried same with duckduckgo and bing even when using google was getting challenged, so my idea is not going to work out sadly, which sucks.

I will just have to JS challenge the entire country and exclude known bots. I thought I could be a bit more cheeky and friendlier to legit organic traffic.

Wish superbot mode was a bit more friendlier.

Unfortunately, the Firewall log here doesn’t show you what Referer it sees.

What I end up doing is looking at the IP address of the bots and do a lookup at whois.com to see which ASN (OriginAS) it is. It’s usually a host like AWS or OVH, so I just challenge the ASN (just the number part).

Yeah but ASN blocking can affect AdSense external get requests to pull the advertisements back to the page from what I understood from an earlier post here, so that sort cannot happen; if not, I’d have an extensive list of ASN’s blocked haha

My Firewall Rules list usually starts with an Exception rule, so anything I want to let through is given an Allow. After that, it’s all Challenges and Blocks. Sometimes I start with a challenge or block for my Absolutely Not/No Way list.

that is not a bad idea honestly.

so say, js challenge all if not known bot, and does not equal x country 1, x country 2 etc?

That’s a good start for Rule #2. But with Country Is Not In list. And Rule #1 would be your exceptions (Allow). That’s if you have a target audience is in a small list of countries.

(not ip.geoip.country in {“US”} and not cf.client.bot) this rule # 2 ? isn’t this the same as allow all known bots. Sorry bit confused.

Thanks

With no rules, all bots are allowed. If you put an Allow for all known bots in Rule #1, it’ll never get to Rule 2 since you just got a match, therefore you don’t need to mention bots in rule #2.

What (Not US and Not Known Bot) does is challenge all non-US visitors unless they’re a good bot.

o I think I get it.

Do the rules follow a priority? This is in the main menu where you can see the CSR rate?

I did not know this thanks for that unless I am wrong again, hah.

At one point, I heard an Allow is given priority regardless of position, but docs say it’s in list order unless configured otherwise:

https://developers.cloudflare.com/firewall/cf-firewall-rules/order-priority

1 Like

Thanks this helped clear it up.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.