Feature request: block IP directly from firewall logs tab


first of all I’d like to express my gratitude to Cloudflare developers & maintainers for such powerful & useful product

I develop & maintain e-commerce site of our trade company. the company is widespread throughout the our country (EU, population ~ 40 mil), & accordingly the site has a large traffic & acts as an important link between our customers & managers

since December 2019 our site faces constant worldwide DDOS attack (mostly thru botnets, I suppose, & partially with leased servers around the world). Attack persists in vary of ways, from trivial http flood over9000 lvl to targeted shots on different Magento bottlenecks

fortunately, we resist these attacks with no serious losses, & this is mostly possible due to Clouflare protection & services. deep logs inspection provides accurate patterns, & clearly designed rules for Cloudflare firewall allow to keep site in good trim for legitimate customers while the lion’s share of garbage traffic stays overboard

but one feature could make it much easier to deal with that chaos. when I inspect firewall logs on Cloudflare, I fetch sources that bring heavy amount of garbage & then block them with IP Access Rules service. about 15-20 per day for last half of year, but this garbage ball is growing in these latter days

it would be very helpful if one could block IPs with IP Access Rules directly from logs ui of Cloudflare firewall. with this feature one could be freed from the drudgery & get significant savings of lifetime

thank you for cooperation

Juliy V. Chirkov

There’s actually a similar feature that allows you to create a Firewall Rule based on the filters and exclusions you selected within firewall analytics, click Create firewall rule at the top right of the Firewall Events page under the Overview tab. For more details, please review the KB article here: https://support.cloudflare.com/hc/en-us/articles/360024520152-Understanding-Cloudflare-Firewall-Analytics.


This topic was automatically closed after 14 days. New replies are no longer allowed.