Is there a firewall rule to request reCaptcha all countries instead of adding one by one from the country list. I just want to turn on/off firewall rule to show all visitors reChaptcha challenge as I am under botnet attack and the attack is passing the JS challenge and the I’m under attack mode.
There is probably a far more elegant solution that this… but I just use NOT - i.e. if the request is NOT _________ then challenge. You can use IP like the screenshot below or something else…
You can follow @domjh’s suggestion, but you should also add to the rule an instruction not to block known bots, including search engines, otherwise your site may be de-indexed by Google and other services:
(ip.src ne YOUR IP and not cf.client.bot)
Also, keep in mind that even with the Cloudflare list of known bots excluded, this rule would still block bots that are not on the list, including, for instance, Facebook, Twitter and GTMetrix. You’d have to white list them separately, using their AS Number, or IPs and IP ranges.
^ ^ ^ THAT!! ^ ^ ^