I need a firewall rule to block the list of all free online proxies IP’s worldwide, example list from here:
https://www.proxy-list.download/HTTPS
Can Cloudflare add such a feature builtin to block all free online proxies world wide because this list is dynamically updated every second.
Cloudflare’s IP reputation feature effectively already covers this. Since there are so many (usually 500+) different sessions connections to Cloudflare from one proxy IP, that proxy’s reputation score will drastically be lowered and a firewall set to High or Medium will likely catch it.
If you want something like this now, you could set up a CF workers script which pulls from that API and does the check itself. Just be careful with this, I wouldn’t be surprised if that proxy list blacklists the Cloudflare IP for too many requests.
Here’s a worker I whipped up:
Thanks for the code. But this will not be practical to run all this code in every request. This code needs to be run server side so a cron job update the proxy list may be from different websites and updates the firewall rule for that and we can just have the option to turn it on/off.
Firewall rules have a maximum size of 4kb, so this won’t work:
// using memorySizeOf to calculate the actual amount of memory it's taking up https://gist.github.com/zensh/4975495
console.log(this.ips.length)
console.log(memorySizeOf(this.ips))
> 6972
> 181.314 KiB
The IP Firewall also wouldn’t work since even Business plan customers only get 2,000 rules:
Note that the only downside of workers here is the monetary 
cost to you; this will, at most, add 5 milliseconds to the response time, and that’s only when the list of proxy IPs is still in memory. Depending on the traffic website, it may be 30+ minutes before it re-downloads the proxy list, and that’s still too fast for anyone to notice.
This topic was automatically closed after 30 days. New replies are no longer allowed.