I’m sorry, but I can’t share domain and IP.
In that case it is impossible for the community to say anything.
If you applied the expressions as I described the requests should be blocked. If they are not, either the configuration is wrong, or the requests do not match the configuration (different values), or the requests are direct.
I am afraid this is all that can be said at this point.
Hi @katarzynastarzewska, I’m an engineer on the Firewall/WAF team.
I noticed you purchased a paid plan, so you’ll have access to the WAF. There’s a rule that will block the fake Google bots that you’re seeing - ID 100201. Can you ensure that it is set to “Block/Drop”?
Let me know if that solved your problem!
Why should either of the two mentioned rules not block it? Specifically the one referencing the bot flag?
On first glance the rules you’ve written at Fake Google Bot and their description appear to be correct.
That is precisely what I assumed. Hence I believe the issue is not with Cloudflare but rather one of the aforementioned reasons.
I’d recommend using the rule I provided. If the issue persists, @katarzynastarzewska, feel free to open a support ticket and we’ll take a look to ensure the issue solved.