Known Bots allowing strange requests in WAF Firewall Rules?

The WAF firewall rules seem to be allowing strange requests from AS16509 when Known Bots is enabled.

These requests do not look like a legitimate/known bot, based on the requesting ASN, IP address, User Agent and doing a Reverse DNS on the IP address.

Examples:
AS16509, 54.241.45.34, Opera/9.80 (Windows NT 10.0; Win64; x64; U; en) Presto/2.9.168 Version/11.50
AS16509, 54.255.209.170, Opera/9.80 (Macintosh; Intel Mac OS X 11_2_2; U; en) Presto/2.2.15 Version/10.00
AS16509, 122.248.204.187, Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36
AS16509, 54.240.199.107, Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

I’m on the Free plan.

Can you post a screenshot of the firewall event where these requests are mentioned?

54.241.45.34

54.255.209.170

122.248.204.187

54.240.199.107

Redacted some parts of the hostname in the firewall event and firewall expression rule which are not relevant in this context.

Issue just recurred

122.248.204.187

For sure this request was a bot, especially with that kind of UA, and allowed by Known Bots…

54.153.80.133

I think I might have to exclude all AS16509 through Known Bots and manually filtering them for the time being…

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.