Firewall Rules Blocking Google Bots

Hi,
I have this firewall rule: https://prnt.sc/vlkk0w
and it seems it blocks legitimate bots: https://prnt.sc/vlleip
Any recommendations on how to solve this?

Thank you!

Because you are challenging everyone who actually has a good score


Thank you for the clarification, now I’ve set up 2 firewall rules:
1. Challenge greater than 5 and less or equal to 20
2. Block greater or equal to 20

However, now nothing gets blocked although we’re under attack (thankfully we have another security solution which blocks all the attacks).

Have you tried lowering it? Also, did you make sure they are not circumventing Cloudflare and are connecting directly?

I lowered them to challenge scores between 1-15, still nothing gets blocked.
When I set up my current firewall provider they recommended that I put this in .htaccess:
# BEGIN Website Firewall Bypass Prevention
RewriteEngine On
RewriteCond %{HTTP:X-SUCURI-CLIENTIP} ^$
RewriteRule ^(.*)$ - [F,L]
ErrorDocument 403 Forbidden
# END Website Firewall Bypass Prevention

Maybe I need something similar for Cloudflare?

They are most likely going around Cloudflare. Your IP address ends in 7, right?

If it’s 12 numbers long ending in 7 then that’s our current firewall provider.
We want to keep Cloudflare as the main one > 2nd firewall for good measure > our web hosting.

12 digits, not 10?

Anyhow, if your IP address is public you should change it, as Cloudflare can’t really do anything against direct connections. You could only block such on your server’s firewall but they could still send requests.

If you refer to our web hosting IP address then no, it’s not ending in 7.
The web hosting server is not attacked, all the connections come through our website domain and not IP (that’s why our current firewall provider blocks all the bad bots and we get no downtime). We just want to add another extra layer of protection, but this Cloudflare firewall rule doesn’t work for some reason.

Again, if they are connecting directly Cloudflare cannot do anything.

That server at that 7 address does respond to non-Cloudflare addresses, so we can assume the connections you are referring to go around Cloudflare.

So, if we hadn’t had Cloudflare pointed at our 2nd firewall provider, but directly at our web hosting (which has no firewall protection), our website would’ve been directly attacked because Cloudflare isn’t able to filter these bots?

I cannot comment on that second provider, but that .7 address is public and any direct connections will go around Cloudflare and any Cloudflare settings won’t fire in that case.

Interesting, so if our website would get attacked then Cloudflare should block them?
Considering the fact that we’ve put those 2 firewall rules in place.
Thank you for making me understand the situation better!

Cloudflare can only block connections going through Cloudflare.
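
Added example, not part of the thread or any poster's code: a way to confirm from the access log of the server behind the proxy whether requests are arriving directly, which is the situation in which no Cloudflare firewall rule can fire. The range list is an assumed subset of Cloudflare's published IPv4 ranges (the current list is at https://www.cloudflare.com/ips/), the log lines are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Assumption: a subset of Cloudflare's published IPv4 ranges. In real use,
# load the full current list from https://www.cloudflare.com/ips/ (or the
# ranges of whichever proxy sits immediately in front of this server).
TRUSTED_PROXY_RANGES = [ipaddress.ip_network(cidr) for cidr in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]

# The connecting peer is the first field of an Apache common/combined log line.
LOG_LINE = re.compile(r"^(?P<peer>\S+) \S+ \S+ \[")

def via_trusted_proxy(peer):
    """True if the connecting address belongs to one of the trusted ranges."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False  # hostname or garbage in the peer field: treat as untrusted
    return any(addr in net for net in TRUSTED_PROXY_RANGES)

def direct_hits(lines):
    """Count requests per peer that reached the server without the proxy."""
    hits = Counter()
    for line in lines:
        match = LOG_LINE.match(line)
        if match and not via_trusted_proxy(match.group("peer")):
            hits[match.group("peer")] += 1
    return hits

# Constructed sample log (documentation addresses stand in for direct clients).
SAMPLE_LOG = [
    '172.68.10.5 - - [20/Nov/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 5120',
    '203.0.113.50 - - [20/Nov/2020:10:00:02 +0000] "GET / HTTP/1.1" 200 5120',
    '162.158.90.12 - - [20/Nov/2020:10:00:03 +0000] "GET /about HTTP/1.1" 200 2048',
    '203.0.113.50 - - [20/Nov/2020:10:00:04 +0000] "GET / HTTP/1.1" 200 5120',
    '198.51.100.23 - - [20/Nov/2020:10:00:05 +0000] "GET / HTTP/1.1" 200 5120',
    'not a log line',
]

if __name__ == "__main__":
    for peer, count in direct_hits(SAMPLE_LOG).most_common():
        print(f"{peer} reached the server directly {count} time(s)")
```

Any peer this reports never passed through the proxy, so the durable fix is to allow only the proxy's ranges at the server or network firewall.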
