Firewall Rule Based on User Agent is Not Working

I have created a firewall rule (http.user_agent contains "facebookexternalhit") but it is not working for some reason.

Here is the IIS server log:

#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2021-07-30 08:15:22
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken User-Client-IP Cloudflare-Connecting-IP

30.07.21 9:05:14 194.58.71.35 GET /products/Травяные-таблетки-Фа-Талай-Джон-от-простуды,-гриппа,-ОРВИ-(марка-Тра-Бай-Хо).html - 443 - 172.70.35.10 facebookexternalhit/1.1+(+http://www.facebook.com/externalhit_uatext.php) - - magazin.superbank.ru 200 0 0 57252 835 1250 2a03:2880:27ff:16::face:b00c 2a03:2880:27ff:16::face:b00c

The Cloudflare Firewall Log reports that the rule is working, but how come the blocked requests are still reaching my web server?

The request you posted will have connected directly to your server instead of going via Cloudflare. You need to make sure your server only accepts requests from Cloudflare’s proxies → cloudflare.com/ips

On the other hand, you currently also have a security issue.

2 Likes
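
One way to audit an origin's IIS W3C log for requests whose connecting address (`c-ip`) is outside Cloudflare's proxy ranges, following the advice in the reply above. This is an added example, not part of the original thread: the IPv4 list is a snapshot of cloudflare.com/ips taken as an assumption (refresh it and add the IPv6 ranges before relying on it), and the sample log lines and function names are constructed.

```python
import ipaddress

# Assumption: snapshot of the IPv4 ranges published at cloudflare.com/ips.
# Refresh before use and append the published IPv6 ranges as well.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]

def via_proxy(ip, networks=CLOUDFLARE_V4):
    """True if the connecting address belongs to one of the proxy networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable address: treat as not proxied
    return any(addr in net for net in networks)

def direct_hits(lines, ua_substring=None, networks=CLOUDFLARE_V4):
    """Return log rows whose c-ip is not a proxy address.

    Column positions come from the '#Fields:' header, so custom fields such as
    Cloudflare-Connecting-IP do not shift the result. IIS writes spaces inside
    a value as '+', so whitespace splitting is safe. With ua_substring set,
    only rows whose user agent contains it are returned, i.e. requests an
    edge rule on http.user_agent never had the chance to block.
    """
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) != len(fields):
                continue  # malformed row, skip rather than misalign columns
            row = dict(zip(fields, values))
            if via_proxy(row["c-ip"], networks):
                continue
            if ua_substring and ua_substring not in row.get("cs(User-Agent)", ""):
                continue
            hits.append(row)
    return hits

# Constructed sample log (not taken from the thread).
SAMPLE = """#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status
2021-07-30 08:15:22 GET /a 162.158.10.20 facebookexternalhit/1.1 200
2021-07-30 08:15:25 GET /b 203.0.113.7 facebookexternalhit/1.1 200
2021-07-30 08:15:29 GET /c 203.0.113.9 Mozilla/5.0+(constructed) 200
"""
```

Any row this returns reached the web server without passing the edge firewall; once the origin accepts connections only from the published ranges, the result should be empty.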

Many thanks for your prompt reply and clarification of this issue 👍
