Half a year ago I configured a new WEB site (static HTML) hosted on Cloudflare pages and accessible via Cloudflare Universal SSL (no other third-party SSL certificates are in use).
My Cloudflare pages do not have resources started with “.” (dot), so I blocked “/.env/”-like crawlers in WAF rules: ( http.request.uri.path contains “/.” )
About a week ago I noticed hundreds of similar requests from Cloudflare AS132892 with /.well-known/acme-challenge/" in URI path blocked by the WAF filter:
- IP address: 2a06:98c0:360c:7e70:859c:cc24:XXXX:XXXX
- ASN: AS132892 CLOUDFLARE Cloudflare, Inc.
- Country: United States User agent: bushbaby/2023.11.9
- HTTP Version: HTTP/1.1
- Method: GET
- Path: /.well-known/acme-challenge/2d9gwoqq9zC_tK7MEWXXXXXXXXXXCoFLqQrtPZOI
- Query string: Empty query string
Should I bypass my WAF filter for all traffic from Cloudflare AS like ( http.request.uri.path contains “/.” and ip.geoip.asnum ne 132892 ) ?