Firewall question, JS challenge everyone except good bots

Newish to Cloudflare. Really enjoying the technology.

I have a public-facing website that has (in the past) been hammered by various bots, bad agents, etc. Moving to Cloudflare has reduced my attacks by 90%. However, there is 10% that gets through and makes my life ■■■■.

What would be the way to create rules to allow good bots and JS challenge everyone else? This would allow indexing by Google, Bing, etc. and stop everything except human traffic.

Or is that too simple an approach?

J

That’d be a single check. If it’s NOT a known (good) bot, then JS Challenge.

Interesting. Are “known bots” always the good ones, i.e. “verified bots” from “super bot fight mode”?

J

Pretty much. There’s a somewhat recent list in the FAQ:
https://developers.cloudflare.com/firewall/known-issues-and-faq

Ok, this makes sense.

If I wished to block an entire country (i.e. Russia), would I create a rule above or below the rule you mention? Is the order of the rules hierarchical, or are the actions hierarchical, or both?

Example:

Rule 1: Allow a country
Rule 2: Block that same country

Does rule order matter or does action order matter?

J

Rule order matters.

Care to expand upon that?

What are the results of each scenario:

Rule 1: Block IP1
Rule 2: Allow IP1

vs

Rule 1: Allow IP1
Rule 2: Block IP1

Thank you for clarifying.

J

Assume IP1 is the same for both rules.

The rule with higher priority will execute. The action does not determine the priority.

Ok, thanks for clarifying. So if I place a country block as Rule 1, and then an ‘allow good bots’ as rule 2, the good bots from the country in Rule 1 will be blocked, since Rule 1 has a higher priority.

Correct?

J

Correct.
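
The ordering behaviour described in the replies above, modelled as a small first-match evaluator. This is an added example, not part of the original thread and not Cloudflare's engine; the rule names, sample requests and the address 198.51.100.7 are constructed, and it assumes every action stops evaluation at the first matching rule.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Rule:
    name: str
    action: str                      # "allow", "block" or "js_challenge"
    matches: Callable[[dict], bool]  # predicate over a request dict

def decide(rules, request):
    """Return (rule name, action) of the first rule in list order that matches."""
    for rule in rules:
        if rule.matches(request):
            return rule.name, rule.action
    return None, "pass"  # no rule matched

def shadowed(rules, samples):
    """Rules that match at least one sample but never get to decide any."""
    deciders = {decide(rules, s)[0] for s in samples}
    return [r.name for r in rules
            if r.name not in deciders and any(r.matches(s) for s in samples)]

# Constructed sample traffic (hypothetical fields: ip, country, known_bot).
SAMPLES = {
    "bot_ru":   {"ip": "198.51.100.7", "country": "RU", "known_bot": True},
    "bot_us":   {"ip": "203.0.113.9",  "country": "US", "known_bot": True},
    "human_ru": {"ip": "203.0.113.10", "country": "RU", "known_bot": False},
    "human_us": {"ip": "203.0.113.11", "country": "US", "known_bot": False},
}

def is_ip1(r): return r["ip"] == "198.51.100.7"

block_country = Rule("block-country", "block", lambda r: r["country"] == "RU")
allow_bots = Rule("allow-good-bots", "allow", lambda r: r["known_bot"])
challenge_rest = Rule("challenge-non-bots", "js_challenge",
                      lambda r: not r["known_bot"])
block_ip1 = Rule("block-ip1", "block", is_ip1)
allow_ip1 = Rule("allow-ip1", "allow", is_ip1)

COUNTRY_FIRST = [block_country, allow_bots, challenge_rest]
BOTS_FIRST = [allow_bots, block_country, challenge_rest]

def outcomes(rules):
    """Action applied to each constructed sample under the given rule order."""
    return {name: decide(rules, req)[1] for name, req in SAMPLES.items()}

if __name__ == "__main__":
    print("country first:", outcomes(COUNTRY_FIRST))
    print("bots first:   ", outcomes(BOTS_FIRST))
    print("shadowed:", shadowed([block_ip1, allow_ip1], list(SAMPLES.values())))
```

Running `shadowed` over an export of your own rule list and a handful of representative requests is a quick way to spot a rule that can never take effect because an earlier one always matches first.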