Hello,
My website is again under attack, cloudflare free account is able to save me, but with under-attack settings.
With the free version, Cloudflare doesn’t provide REGEX matching, so I am getting lots of traffic like below.
115.99.128.63 - - [14/Aug/2023:04:37:08 +0000] “GET /7477708a6mwsxvygbf4s38/ HTTP/2.0” 404 22727 “-” “Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36”
115.99.128.63 - - [14/Aug/2023:04:37:08 +0000] “GET /7477708a6mwsxvygbf4s38/7477708a6mwsxvygbf4s38-7477708a6mwsxvygbf4s38/ HTTP/2.0” 404 22727 “-” “Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36”
115.99.128.63 - - [14/Aug/2023:04:37:08 +0000] “GET /results/7477708a6mwsxvygbf4s38/ HTTP/2.0” 404 22727 “-” “Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36”
115.99.128.63 - - [14/Aug/2023:04:37:08 +0000] “GET /search?q=7477708a6mwsxvygbf4s38 HTTP/2.0” 404 22727 “-” “Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36”
115.99.128.63 - - [14/Aug/2023:04:37:08 +0000] “GET /search?keyword=7477708a6mwsxvygbf4s38 HTTP/2.0” 404 22727 “-” “Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36”
115.99.128.63 - - [14/Aug/2023:04:37:09 +0000] “GET /?s=7477708a6mwsxvygbf4s38 HTTP/2.0” 200 24907 “-” “Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36”
Most of the time, the alphanumeric pattern of 22 characters.
I am using NGINX and MariaDB of Ubuntu, is there any way to block these BOT requests on the server level, using Firewall or NGINX rules??
Best Regards,
Prashant