Microsoft 'good' bots hammering away

I have a security/waf rule that allows only Microsoft ASN’s ‘good’ bots through:

(ip.geoip.asnum eq 8075 and not cf.client.bot)

which is set to ‘challenge’ and has worked really well for years until about a week ago where the class C

52.169.23.0/24

is allowed by this rule (assumed deemed ‘good bot’ by Cloudflare) and hammers my site all day long with malicious intentions.

How can I get Cloudflare to review this class C and remove them from their ‘good bot’ list?

J

We block AS8075 and not a good bot, the same as you.
We also block many IP ranges within AS8075 which pass the cf.client.bot test, and block malicious and vulnerability checks from IPs that have passed this test.

We find that BingBot ignores robots.txt, ignores sitemaps, and just trawls paths, existing and not existing, apparently doing vulnerability checks. Also, we don't use WordPress and yet BingBot tries to do WordPress vulnerability trawls.
All the behaviour of a malicious bot, so it gets treated as malicious.

We have also had many long discussions with BingBot support about this. Even when presented with lots of evidence, they claim it doesn't happen.
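
Added example, not part of either post above: one way to turn the behaviour described in this thread (requests for missing paths and WordPress probes on a non-WordPress site) into per-/24 evidence from origin access logs. The combined log format, the probe path list, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Combined-log-format fields needed here: client IP, request path, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')
# Paths that only exist on a WordPress site (assumed list, extend as needed).
WP_PROBE_RE = re.compile(r'/(wp-login\.php|xmlrpc\.php|wp-admin|wp-content|wp-includes)', re.I)

def summarize_by_prefix(lines, prefix_len=24):
    """Group IPv4 requests by /prefix_len and count 404s and WordPress probes."""
    stats = defaultdict(lambda: {"requests": 0, "not_found": 0, "wp_probes": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, path, status = m.groups()
        try:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        except ValueError:
            continue  # first field was not an IP address
        if net.version != 4:
            continue  # a /24 is only meaningful for IPv4
        s = stats[str(net)]
        s["requests"] += 1
        s["not_found"] += status == "404"
        s["wp_probes"] += bool(WP_PROBE_RE.search(path))
    return dict(stats)

def suspicious_prefixes(stats, min_requests=3, max_404_ratio=0.5):
    """Prefixes that probe WordPress paths or mostly request missing URLs."""
    flagged = []
    for net, s in stats.items():
        noisy = s["wp_probes"] > 0 or s["not_found"] / s["requests"] > max_404_ratio
        if s["requests"] >= min_requests and noisy:
            flagged.append(net)
    return sorted(flagged)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '52.169.23.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "bingbot"',
    '52.169.23.11 - - [01/Jan/2024:10:00:01 +0000] "GET /xmlrpc.php HTTP/1.1" 404 153 "-" "bingbot"',
    '52.169.23.12 - - [01/Jan/2024:10:00:02 +0000] "GET /old/missing HTTP/1.1" 404 153 "-" "bingbot"',
    '52.169.23.10 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "bingbot"',
    '203.0.113.5 - - [01/Jan/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [01/Jan/2024:10:00:06 +0000] "GET /contact HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]
```

A flagged prefix can then be matched explicitly in its own rule, for example `ip.src in {52.169.23.0/24}`, placed ahead of the ASN rule so it applies whatever cf.client.bot reports.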
