Hostname rule question

I think I have a poorly written firewall rule, and I am unsure how to correct it. The rule is intended to block traffic from two specific hosts:

( contains “”) or ( contains “”)

There is generally a prefix prior to the hostname in the hack attempts.

A sample complete host name is, but the first string often changes.



Chris is the request for the host name on your side (so this would let you write a rule based on subdomains being accessed).

I’m not clear if there are any rules that work on reverse DNS, but I would actually be slightly surprised as reverse DNS is not available in real-time during a request (it can be, but DNS isn’t always instant, and reverse DNS can’t be pre-cached). Maybe with workers? is your hostname (domain). If you’re trying to block everyone from or, you should use an AS number instead.

You’re getting traffic FROM GoDaddy ( ?

Yep. It appears to be a single, very motivated individual. They have had no luck, but I would obviously like to shut them down.

You should probably alert GoDaddy about their malicious actions.

Thank you for that advice. I just wrote an ASN block rule. We’ll see if that stops my “friend.”

