So I am trying to set up some rules to JSChallenge anyone from outside of the United states and its minor outlying areas. My engine building company does not ship outside the USA, so our primary focus is US based customers. So making it slightly more challenging for those outside of our area is ok if it can possibly eliminate some spam/attacks on my website. My question is to the best way to implement this. From poking around, it looks like I will be doing this with my 1 of 5 Firewall rules, or doing it via IP Access Rules. I am getting a little confused on which to use and whether or not one would take priority over the other and vice versa. I temporarily tried the following firewall rule which SEEMED to work, but until I get to work and re-test, connecting to it using a VPN routed through Russia, I wont know for sure if the JSChallenge part is functional. For now it is disabled until I hear back from you guys:
Country is NOT equal to United States
Country is NOT equal to United States Outlying Areas
*** BUT…I also do NOT want to block good bots. I want all good bots to be able to scan my website. How or where would I add this into the mix if using the above rule set? Would I add it inside the existing above rule or would it be a completely separate rule? If separate rule, would I place it above or below the current one, or does that order even matter? Or, can I use IP Access rules instead, for the same stuff as above, so as to not waste Firewall rules since I only have 5? Thanks!