(Get a Free Cloudflare Tee-Shirt) Question of the Week- What's your favorite easy firewall rule to block unwanted traffic?

What’s your favorite easy firewall rule to block unwanted traffic?

Make a video showing us how you created the rule, tell us why it’s valuable, and show it to us in action on your site. Post the video on any social media platform tag us, and drop the link here. The first 5 people to do this will receive a free Cloudflare t-shirt!

  • I block based on country
  • I usually just block by IP, hostname, or cookie
  • None really, I rely on DDoS protection and the occasional IP Access Rule
  • Nothing easy, I write very sophisticated rules
  • Other

0 voters

Get a free Cloudflare shirt, by answering the above question!

"Most" Questions of the Week

Show Us Why
Answer Questions of the Week with a link to a simple video, it can be a screen recording highlighting the feature, a tutorial of a function you find most useful, or even a video of yourself. Once you submit your video, tell us about it on the question to receive a custom community Cloudflare badge.

About Question of The Week
Weeks may come and go, but we never get tired of finding out how you answer the Question of the Week. See questions from previous weeks, tell us what you think, and share your video to earn your own Content Creator badge!

Get the Most Out of your Cloudflare Account
With the Cloudflare Pro plan, you receive upgraded DDoS Mitigation, CDN, DNS, Shared SSL certificates absolutely free. The Pro plan also features our one-click bot mitigation, advanced Web Application Firewall (WAF) with 20 Page Rules, lossless image optimization, automatic mobile optimization, extended security analytics, and much more. Take your professional website to the next level with Cloudflare Pro.

Cloudflare Content Creators Badge:
ccbadge

View Content Creator Badge Winners

Or ASN. I’ll just file it under IP.

4 Likes

Block WordPress xmlrpc.php (Pingbacks, Trackbacks, and bulk password guessing attacks) in 60 seconds with a Cloudflare Firewall Rule: https://twitter.com/aaronsilber/status/1448758282785591303

3 Likes

It all depends.

I have a cron set up that matches all access requests to my server with a count based on IP address so I can easily see the top 100 requests to my server daily. I send this data to a server monitoring slack channel.

Where possible I use useragent blocking for bots like SemrushBot
In situations where they do not have a useragent I will block the IP address
In situations where they are using the same datacenter but lots of different IP ranges I will asn block
In situations where they are from an ISP I will just javascript challenge that IP address

When I got DDosed I try to identify the main ASNs causing it and blocked them temporarily until the DDosed ended.

Then I copy the firewall rules expression to all of my servers and new servers.

I love using geoblocking with Cloudflare’s firewall. It just works™, and CF’s geoip data sources are usually spot-on. https://youtu.be/X4X1i-dhq3k

Edit: also posted this on my Twitter https://twitter.com/as137509/status/1449897106982985730?s=20

1 Like

Cloudflare WAF is the best. I have clients that do geo-blocking, but it’s also easy to block potentially malicious WordPress stuff like @bytesco_aaron mentioned xmlrpc.php or variations of requests with /wp-includes

Also, how can I get a shirt or other swag even though I’m not top 5? I found this thread but didn’t see an official answer: Cloudflare swag