Our website operates on Cloudflare’s Business plan.
Recently, we have detected that our website gets a large number of visits which, according to our research, are junk visits. These junk visits skew our third-party and in-house tracking reports.
Here are the main characteristics of those visits:
The user agent is “Mozilla/5.0”, which is not a common user agent for legit clients.
They have no referrer page
No cookies
They come from 2 specific ASNs (both from Amazon)
All of them are GET requests
They come from different countries
We have tried to mitigate those visits with a firewall rule by imposing a Managed Challenge on them. It did not work.
Here is an example of the WAF rule condition:
(http.request.uri.path contains "xyz/xyz" and http.user_agent eq "Mozilla/5.0")
We also imposed a Browser Integrity Check and “Security Level: High” rule on those requests via a Page Rule. It also did not work.
My questions are:
Why was Cloudflare not able to detect and mitigate those visits without (or with) a WAF rule in the first place?
Do you have any advice on how to deal with these junk requests?
These are junk visits and I just wanted to describe their characteristics.
By the way, the user agent is just “Mozilla/5.0”. Do you know this as a legit User Agent? As far as I know it should contain more information (i.e. OS info).
Yes, people do set up crappy stuff on AWS, but I was expecting Cloudflare to detect this behavior one way or another. I am not complaining, this was just my expectation on a paid account.
I will discuss the rule you proposed with my colleagues and get back.
I was just hoping that Cloudflare’s technology would be able to detect this junk traffic automatically.
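Independently of what is blocked at the edge, the traits listed in the first post can be used to keep these visits out of in-house tracking reports. The following is an added example, not part of the original thread: the record field names are hypothetical, the log lines are constructed, and the two ASNs are documentation-range placeholders to be replaced with the ones actually observed.

```python
import json
from collections import Counter

# Assumption: placeholder ASNs from the documentation range (RFC 5398).
SUSPECT_ASNS = {64496, 64497}
BARE_UA = "Mozilla/5.0"
ALL_TRAITS = {"bare_ua", "no_referer", "no_cookie", "suspect_asn", "get"}

def signals(rec):
    """Return which of the junk-visit traits from the post a record shows."""
    hits = set()
    if (rec.get("user_agent") or "").strip() == BARE_UA:
        hits.add("bare_ua")          # UA is exactly "Mozilla/5.0", nothing more
    if not rec.get("referer"):
        hits.add("no_referer")
    if not rec.get("cookie"):
        hits.add("no_cookie")
    if rec.get("asn") in SUSPECT_ASNS:
        hits.add("suspect_asn")
    if rec.get("method") == "GET":
        hits.add("get")
    return hits

def split_visits(lines):
    """Partition JSON log lines into (clean, junk); junk must show every trait."""
    clean, junk = [], []
    for line in lines:
        rec = json.loads(line)
        (junk if signals(rec) == ALL_TRAITS else clean).append(rec)
    return clean, junk

def junk_summary(junk):
    """Count junk visits per (ASN, country) to confirm the pattern holds."""
    return Counter((r["asn"], r.get("country", "??")) for r in junk)

FULL_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
# Constructed sample records (hypothetical field names).
SAMPLE = [
    '{"method":"GET","path":"/xyz/xyz/a","user_agent":"Mozilla/5.0","referer":"","cookie":"","asn":64496,"country":"DE"}',
    '{"method":"GET","path":"/xyz/xyz/b","user_agent":"Mozilla/5.0","referer":null,"cookie":null,"asn":64497,"country":"US"}',
    json.dumps({"method": "GET", "path": "/xyz/xyz/a", "user_agent": FULL_UA,
                "referer": "https://example.com/", "cookie": "sid=1", "asn": 64500, "country": "FR"}),
    # First-time human visitor: no referrer or cookie, but a full UA and another ASN.
    json.dumps({"method": "GET", "path": "/", "user_agent": FULL_UA,
                "referer": "", "cookie": "", "asn": 64500, "country": "GB"}),
    # Bare UA from an ASN outside the suspect set: kept, since not every trait matches.
    '{"method":"GET","path":"/xyz/xyz/c","user_agent":"Mozilla/5.0","referer":"","cookie":"","asn":64501,"country":"BR"}',
]

if __name__ == "__main__":
    clean, junk = split_visits(SAMPLE)
    print(len(clean), "clean,", len(junk), "junk:", dict(junk_summary(junk)))
```

Requiring every trait at once keeps ordinary first-time visitors, who also arrive without a referrer or cookies, in the reports.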