Filter Firewall Event Log


#1

My server is getting on average 25 times a minute by SEMRush/Ahrefs/MOZ/Majestic bots for over 4 days (at least this is when I first noticed I think it has been going on for a much longer time).

I have blocked these bots which has significantly sped up my website. However now it is difficult to identify additional threats in my Firewall Event Log because when I scroll through to the 500th record I can only see blocked attempts from these bots in the last 17 minutes.

It would be useful if we could filter the logs so that I can identify additional threats / records that Cloudflare blocked without my own filters.

As a side note, if anybody else wants to block these bots here is the rule I used. You can add it under edit firewall rule, click edit expression and paste this in.

(http.user_agent contains "semrush") or (http.user_agent contains "SemrushBot") or (http.user_agent contains "AhrefsBot") or (http.user_agent contains "dotbot") or (http.user_agent contains "MJ12bot") or (http.user_agent contains "rogerbot") or (http.user_agent contains "SMTBot")

How to trigger a function if CF detects that visitor is a bot
#2

Yeah, we all feel that pain. Supposedly Cloudflare is working on the Firewall Events Log to make it more user friendly.


Firewall / WAF Logs
#3

I agree but as @sdayman already mentioned, the entire thing is currently work in progress. Expect changes in this area over the coming months.


#4

Among other things they should fix is the fact that the search by IP never works when done past the first set of events.

If you are browsing the log and notice an IP you want to investigate when you have already hit the > at the bottom to go to 51-100, 101-150 etc, you need to reload the page to get back to the first set of events in order for search for IP to work.