Lots of /.well-known/acme-challenge/ requests from Cloudflare AS132892

Half a year ago I configured a new WEB site (static HTML) hosted on Cloudflare pages and accessible via Cloudflare Universal SSL (no other third-party SSL certificates are in use).

My Cloudflare pages do not have resources started with “.” (dot), so I blocked “/.env/”-like crawlers in WAF rules: ( http.request.uri.path contains “/.” )

About a week ago I noticed hundreds of similar requests from Cloudflare AS132892 with /.well-known/acme-challenge/" in URI path blocked by the WAF filter:

  • IP address: 2a06:98c0:360c:7e70:859c:cc24:XXXX:XXXX
  • ASN: AS132892 CLOUDFLARE Cloudflare, Inc.
  • Country: United States User agent: bushbaby/2023.11.9
  • HTTP Version: HTTP/1.1
  • Method: GET
  • Path: /.well-known/acme-challenge/2d9gwoqq9zC_tK7MEWXXXXXXXXXXCoFLqQrtPZOI
  • Query string: Empty query string

Should I bypass my WAF filter for all traffic from Cloudflare AS like ( http.request.uri.path contains “/.” and ip.geoip.asnum ne 132892 ) ?

Closing in favor of