I have a feeling I may have a misconfigured firewall (WAF)
My local Wordfence firewall is detecting some Known malicious User-Agents. However, it was my understanding that Cloudflare services should be blocking these before they reach my website.
I can only think of three possibilities in this case.
- Wordfence has detected a false positive.
- The malicious User-Agent is not known to Cloudflare
- My WAF settings are not configured correctly
Currently, I have a Cloudflare Pro account with:
- Super Bot Fight Mode - Turned On
  - Definitely automated - BLOCK
  - Verified Bots - Allow
- Security Level - Medium
- Static resource protection - ON
- Browser Integrity Check - ON
- OWASP ruleset - Managed Rules for WordPress - ON
In this case, should Cloudflare WAF not have stopped this from reaching my site? How did it get past c/f with all this security turned on?
India was blocked by firewall for Known malicious User-Agents at http:// techbusinessnews.com.au /wp-includes/wp-22.php
3/17/2023 2:19:57 PM (16 minutes ago)
IP: 22.214.171.124 Hostname: host. oceanlinerservices. com
Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36
Maybe if this guy is not in your security database you could add it? Or is it possible I have missed something that would stop these critters at the cloud instead of my local firewall catching them?