On 21st August, Hotlink protection reporting disappeared from Analytics>Security. Then it appeared under Firewall events.
Is this the same for everyone? To have thousands of Hotlink protection events in my Firewall Events log renders the log totally useless. It just buries any genuine firewall events.
I’d just like to know if it’s an error with my account, or a new way that Cloudflare is reporting Hotlink protection.
Thanks,
Dave
@ecp,
Hotlinking blocks are firewall events. In the past it was difficult to determine what IP addresses and resources were potentially being blocked. If you have a lot of those types of events the newly introduced filters can let you filter them from the view and better search for specific WAF events.
You can also export and analyze your WAF events externally. Here’s a sample script which reports on the top N, but one could pull that into a SIEM tool or log aggregator instead.
https://github.com/Cloudflare/wafanalyzer
-OG
Brilliant!
Thanks @OliverGrant!