Someone has been using cloudflare workders to bypass all my firewall rules on Cloudflare and scaping contents from my site.
What firewall rules I need to add to prevent this action?
How do you tell it is Workers?
They using this url to get my content and print out json file.
For starters, you might want to report this at cloudflare.com/abuse. I cant say if it was classified as proper abuse but the team should be able to determine that.
Then, you can only block based on certain criteria. Possibly the IP address. Can you post the web server log entry of such a request?
Even rate limiting doesn’t work because workers are running on Cloudflare servers.
This is a security vulnerability that needs to be fixed.
I’d expect rate limit to still work.
But you simply need to follow the steps I already mentioned anyhow.
This topic was automatically closed after 30 days. New replies are no longer allowed.