i’ve been using Cloudflares firewall rules since several months,
i have a issue with a IP which is attacking my website.
I’ve managed to block it with CF firewall rules, i was very happy because i was risking a ban by google for fake AD’s clicks (generated by this IP). One day those fake clicks returned, this time by a different IP address but from the same “hosting”. What i have done, i’ve added it to the firewall rules ((ip.src eq 192.71.xxxx and ip.src eq 37.247.5xxxx) but for my surprise i’ve kep getting those annoying fake clicks from this IP…any clues why this time CF is not able to stop it? anything wrong in my rules?
Could it be that they are reaching your backend directly? It seems unlikely that they are somehow bypassing a firewall rule like that unless another rule with higher priority allows them to enter your site.
If it is an individual IP address, by definition, it couldn’t be a distributed attack. Also, the way the OP described it, it’s apparently not a denial of service either but he simply wants to block that address.
He most likely did not firewall the machine and gets direct connections. Alternatively, his firewall setup is not correct. Hence the four questions