Help blocking DDOS request using REGEX match

Hello folks,
My website is under DDOS attack, most of the traffic is blocked by Cloudflare protection using “Under Attack” settings. Right now Javascript challenge is shown to regular users to avoid DDOS traffic.
I am getting huge traffic of a similar type, a random alphanumeric string of 22 characters without any special characters.

106.213.82.102 - - [12/Jun/2023:18:18:03 +0530] “GET /990763zctorsiqnfpkjfx6/ HTTP/2.0” 404 23365 “-” “Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Mobile Safari/537.36”
103.211.14.104 - - [12/Jun/2023:18:18:04 +0530] “GET /6020233ob52b0erkmthjp3/ HTTP/2.0” 404 23365 “-” “Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Mobile Safari/537.36”
103.211.14.104 - - [12/Jun/2023:18:18:04 +0530] “GET /4087596qpb1al0q77wxhcf/ HTTP/2.0” 404 23365 “-” “Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Mobile Safari/537.36”

Please help me to block such traffic.
Many Thanks
Prashant

Hi,

To block the DDOS traffic with a random 22-character alphanumeric string, create a Firewall Rule in your Cloudflare dashboard with the following steps:

1. Go to the “Firewall” tab in the dashboard.
2. Click on “Firewall Rules” and then “Create a Firewall rule.” Create, edit, and delete rules · Cloudflare Firewall Rules docs
3. Add a “URI Path” field and choose “Matches the pattern (regex)” as the operator.
4. Enter the regex pattern: ^/[0-9a-zA-Z]{22}/$ to match 22 alphanumeric characters.
5. Choose an action, such as “Block” to block matching requests.
6. Save and deploy the rule.

This will block any requests with a random 22-character alphanumeric string in the URL path.

Regards

A post was split to a new topic: Cannot find regex matches operator

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.