I’m sorry, but I can’t share domain and IP.
In that case it is impossible for the community to say anything.
If you applied the expressions as I described the requests should be blocked. If they are not, either the configuration is wrong, or the requests do not match the configuration (different values), or the requests are direct.
I am afraid this is all that can be said at this point.
Hi @katarzynastarzewska, I’m an engineer on the Firewall/WAF team.
I noticed you purchased a paid plan, so you’ll have access to the WAF. There’s a rule that will block the fake Google bots that you’re seeing - ID 100201. Can you ensure that it is set to “Block/Drop”?
Let me know if that solved your problem!
Why should either of the two mentioned rules not block it? Specifically the one referencing the bot flag?
On first glance the rules you’ve written at Fake Google Bot - #9 by sandro and their description appear to be correct.
That is precisely what I assumed. Hence I believe the issue is not with Cloudflare but rather one of the aforementioned reasons.
I’d recommend using the rule I provided. If the issue persists, @katarzynastarzewska, feel free to open a support ticket and we’ll take a look to ensure the issue solved.
If you use Ezoic, they have their own bots used for website speed tracking etc. You can either block them but the speed app will not work or make a rule to bypass them. However, what we get in user agent is “X-SiteSpeedApp-1” at the end.
Again, if you use Ezoic, turn it off and check if you see those entries. If not, then it’s clear. And for 99.9% this bot is relevant to Ezoic and does not have to be blocked.
We have also around 150k entries like this each day. Right now, we will keep it this way and if we would like to see other entries, we just exclude them from the overview.
Or, you can just switch off the WAF rule for fake bots. But then you open the door for others.
Ezoic seems to use User-Agents like:
Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.74 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) X-SiteSpeedApp-1
which is why they are blocked by 100201.