I want to effectively block all traffic from the United Arab Emirates

I have massive problems with AdSense click fraud from the United Arab Emirates.
My website is german, so it’s safe to assume that I have absolutely no valid traffic from the UAE.
I created a location based firewall rule to block all requests from there, but it doesn’t seem to work.
I can still see requests from UAE in Cloudflare Analytics and the click fraud goes on.
For better understandig how bad my problem is: The invalid revenue generated by this is by far more than than the valid revenue, we are talking about thousands of euros.
Of course I reported this to Google, but they can’t/won’t help me.

Post a screenshot of your rule as well as of your rule list.

I have only this single rule

That should block it then. How do you tell requests still go through? Did you make sure requests cannot hit your server directly?

Whats the domain?

The domain is www.drwindows.de and it is proxied by Cloudflare, so it should not be possible to contact the server directly. I can still see requests from UAE in Cloudflare and Google Analytics

Just because it is proxied does not mean a direct connection wont work. Can you definitively rule out a direct connection?

Can you post a screenshot?

The block on Cloudflare does seem to work

And yes, your server (assuming its IP address ends in 197) is perfectly open to the world, including the Emirates. If you still get any requests from there, they will be direct ones.


Here is a screenshot from Google Analytics with the requests from this week.
Are you able to access the website via the IP Adress? It does not work for me…

There really is not more to say than what was already written :slight_smile: