We have recently seen a massive spike in requests that appear to be from Yandex, a Russian search engine.
For example 42,000+ requests to a few URLs of our company portal (SAML authentication URLs) over the past 24 hours. Has anyone seen a similar spike? We have blocked these requests using a Cloudflare firewall rule.
Here is how the traffic identifies itself:
User-agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)
ASN: AS13238 YANDEX
Followup: We fixed what was essentially a DDOS by Yandex by setting up a robots.txt and denying their bot. Once their bot saw our updated robots.txt it stopped flooding us.