We see some bad IP addresses that will ping us say 2-5 times a second for HOURS, trying to find a vulnerability. For example, it will in the same second send POST requests to uuu.php, sss.php, 1.php, 2.php, core.php, qaz.php, core.php, sha.php, ppx.php, config.php, config1.php. Basically throwing the kitchen sink at our server.
Or maybe this is a DDoS attack that is just trying to overwhelm our server with meaningless requests?
How do we block these requests?
It has been going on for days and Cloudflare does not block it.
One option we’ve considered is setting a WAF rule (we have the Enterprise plan) to block any visitor who sends requests more than say 3x in a second. If so, is there an easy way to still allow legitimate search indexing from Google, Bing and Yahoo?