Help Understanding Google behavior

firewall
#1

Hello,
I need Some help understanding some of google IP Behavior.
I Have a Firewall Rule to allow Known Bots.
I notice that some of Google IP That Cloudflare Allow to access the site Under this Rule constantly Requesting a Single file (Image File) Using User agent
( Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0 (via ggpht.com GoogleImageProxy)
I searched the internet for this user agent and IP and it’s truly Google but could someone use Google services to Launch Flooding attack?
And if this true How I can Stop it.!

#2

Post a screenshot of that firewall rule.

#3

Thank You for Your Reply
Here it is

#4

That should be actually okay and only allow IP ranges of known crawlers. For example, Google IP ranges where customers can run their own code should be excluded here (assuming Cloudflare configured it correctly).

Is that the only “Allow” rule?

#5

Yes it is The only Allow Rule.
But the systematic requesting of a single file over and over again in short period of time makes me think that this may be Suspicious.
I’m Used to the normal Google crawler Behavior But this new to me.

#6

Might still be legitimate requests

1 Like
#7

I Guess so.
Thank you for your Help I appreciate it :).

#8

Hello,
After Careful Diagnosis It seems to me that this Is not A legitimate Traffic.
The Attacker Was Taking advantage of Google IP and Cloudflare (Allow rule for Good Bots).
The Attacker was requesting Single Image File In Directory Supposed to be for Admins Only.
I managed To stop it by Creating JavaScript Challenge Rule before the (Allow for Good Bots) For this specific Directory.

#9

That would hint at Cloudflare not being strict enough when it comes to Google crawler IP ranges. You might want to open a support ticket in this case.

#10

OK. Thank You

closed #11

This topic was automatically closed after 30 days. New replies are no longer allowed.