Is it possible and if so, how to enable advanced request filtering on the Cloudflare site?

agoszka · August 2, 2019, 3:06pm

Can we filter and block requests in Cloudflare that are incorrect or non-standard, or appear unlikely often from the same IP address, even if they are correct?

I am particularly interested in filtering requests with regular expressions and the ability to block IPs of wrong requests, or at least to automaticly response them with the 400 Bad Request response code, as it is possible using mod_security in the Apache server.

The second important thing is the ability to filter out extremely frequent requests that appear from the same IP address (even if they are correct). For example, I would like to be able to block IP addresses at the Cloudflare level, which have made more than 1000 requests per minute.

Does Cloudflare give us such an opportunity?

If so, what conditions do I have to meet and where can I do it in the Cloudflare panel? If possible, please give me precise guidelines.

All this matters in the context of defense against DDOS attacks.

I am asking for help and advice.

Thank you in advance!

sandro · August 2, 2019, 8:43pm

Can you provide examples?

Only Business plans support regular expressions in firewall expressions.

Rate limiting might be something you might want to take a look at.

agoszka · August 2, 2019, 3:51pm

Hi @sandro,
Firstly thank you for your answer.

Can you provide examples?

You asked me for some examples, so let’s say for example that my site is located under the domain https://example.com

and the typical queries are e.g.:

https://example.com/en/
https://example.com/foto/123/image.png

and the unusual, for example:
https://example.com/test/ (rout which does not exist on the system, i.e. it does not belong to one of the predefined)
https://example.com/foto/123456/image.png (id goes well beyond the ones used in the system)
or those in which capitalization or illegal parameters appear.

Such unusual addresses may indicate that someone is testing my website - I would like to be able to detect the IP of such “testers”.

I would also like to be able to filter the HTTP request headers and body.

I would like to be able to automatically block IP from which it detects any (defined by appropriate rules) anomaly.

sandro · August 2, 2019, 3:53pm

The examples you mentioned can be covered with firewall rules. Keep in mind though, you cant use regular expressions unless you are on a business plan.

DimitrisT · October 4, 2019, 2:43pm

Here is the documentation on firewall rules: https://developers.cloudflare.com/firewall/cf-firewall-rules/

Here is the documentation on Rate Limiting: https://support.cloudflare.com/hc/en-us/articles/235240767

agoszka · August 3, 2019, 5:43am

Thank you @sandro and @DimitrisT for your answers and tips.

system · September 1, 2019, 3:06pm

This topic was automatically closed after 30 days. New replies are no longer allowed.