Hello,
new here. how do you go about blocking “createPost” for specific domain in the cloudflare portal?
Hi there,
Just to make sure we are on the same page - are you referring to this behavior Magento? - Spam BOT Registration Attack on form customer/account/createpost · Issue #18504 · magento/magento2 · GitHub
If this is the case, I’m wondering if ‘Super Bot Fight mode’ could block this - setting a block on ‘definitely automated traffic’ - this can be found under ‘Security > Bots’ section of the dashboard.
Alternatively, you could look at creating a ‘Log’ Custom rule for that URL endpoint. You could then use Security > Firewall Events to monitor that rule to look for patterns or anomalies that you could craft a custom rule on (eg. traffic from a specific network ASN/User-Agent etc on this URL)
Hope this helps!