I had a bunch of attacks coming from a Russian IP last night, and when I checked the CF dashboard, I saw that the IP in question had been blocked for this behavior 3 hours earlier, but wasn’t currently being blocked for the same requests.
I would love to understand this, and even better would be instructions to turn it off. I don’t want attackers to be able to try again, especially within 24 hours (at least).
Possibly related: I added the CIDR block to the firewall but the traffic didn’t stop for about 20 minutes. Is that what I should expect?
This is on a paid account, if that makes any difference.