How to block request from non-browser

cuvantho123 · November 23, 2024, 1:54pm

What is the name of the domain?

What is the issue you’re encountering

I don’t know how to block request from non-browser (like postman, curl…)

What is the current SSL/TLS setting?

Off

What are the steps to reproduce the issue?

I previously saw some website that use cloudflare to block /challenge request from non-browser: That request is works fine on chrome when visit their website, but when I copy that request as curl, and paste it to cmd and run, I’ve blocked from cloudflare. That is a awesome feature but I dont know how to use it. I’ve enable “Bot Fight Mode”, create waf block Known Bots, but still not working

paul32 · November 25, 2024, 11:40am

Create a WAF rule:
User Agent contains “curl”
or User Agent contains “postman”
or User Agent contains “Go-http”
or User Agent contains “little client”
etc., etc.,
Then Block

cuvantho123 · November 26, 2024, 1:22pm

Hello,

This will not working if curl / postman set an normal User Agent in request headers. I want to block that case. So I cannot use WAF rule User Agent

system · December 11, 2024, 1:23pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
WAF rule for blocking user agents that do not come from a browser Security	2	2111	October 19, 2023
Create WAF rule to block abc.php Access	1	971	May 18, 2023
CF blocking all requests if user-agent contains "diamond" Security	7	2455	November 30, 2022
Does Cloudflare block some user agents by default? Security	6	5784	April 18, 2020
WAF Custom Rules Not Working Security	6	46	March 8, 2025

How to block request from non-browser

What is the name of the domain?

What is the issue you’re encountering

What is the current SSL/TLS setting?

What are the steps to reproduce the issue?

Related topics