Hello! I have a lot of spam traffic on my website. and all of them come direct. so can make a challenge only for direct traffic?
If “direct” means they’re bypassing Cloudflare, you’ll need to block this at the server.
If “direct” means they’re not following a link to get to your domain, you can Firewall challenge by a blank “Referrer”, but some sites are set to not include a referrer, and those users will be challenged.
Since you mention Spam, it’s probably bots. Have you enabled Bot Fight Mode? It should give them a bit of a headache:
https://support.cloudflare.com/hc/en-us/articles/360035387431-Understanding-Bot-Fight-Mode
Sometimes there are CMS that does not allow to do much on the server side, however if you have access to your server firewall or can use the console etc you can set a rule to only allow traffic from Cloudflare network IP Ranges
As recommended on this article https://support.cloudflare.com/hc/en-us/articles/200172906-Troubleshooting-surges-or-spikes-in-web-traffic
Yes, I mean direct without the referrer. How can I challenge them?
by the way! I didn’t find the bot fight mode in the dash.
Also What I do is to investigate the network for example OVH is one of the worst network I ever seen they allow too many spamming sites, bad bots, etc they don’t care about what they are allowing on their server OVH is a cheap Cloud provider but it host too many bad bots etc so I blocked their entire network by adding the AS number to the Cloudflare Firewall IP Rules and set to block
In general good networks administrator doesn’t allow bad bots, spamming sites and so on, on their networks so What I do is that when I detect too many bad traffic from a certain network I just block it by adding their AS number to the firewall ip rules
Hi @mouad.eddouch,
Just create a firewall rule that if there is no referrer then challenge, for example:
We host many PDF so there are website that link our PDF directly what I did was this rule using CF Firewall:
(http.request.method eq “GET” and http.request.uri.path contains “pdf” and not (http.referer contains “yoursite.com” or cf.client.bot))
then challenge
really, I didn’t understand! please can u send a pictures how can I challenge no referrer
here is my website http://www.moklatasmartwatch.com/
Hello! How Can I stop direct spam traffic?
I’ve activated the fight mode, but the spam still existed. How can I stoped all direct traffic?
Hello! How Can I stop direct spam traffic"no-referrer"?
I’ve activated the fight mode, but the spam still existed. How can I stoped all direct traffic?
I could help, if your server is getting direct access (bypass Cloudflare), block all traffic on http(s) from your webserver, and only allow cloudflares IP range (IP Ranges). This could help, also, for a (d)dos prevention, search your site on (https:///censys.io/ipv4) and see if the IP is being leaked. also (http://crimeflare.org:82) and (http://dnsdumpster.com)
This topic was automatically closed after 30 days. New replies are no longer allowed.