PetalBot IPs are bypassing WAF rule and hitting the server

it135 · July 12, 2022, 11:19am

Hi Team,

We have created Bad bots WAF rule for frankmcguire.com.au domain but still the PetalBot IPs are getting bypassed and hitting the server

Also the IP range is 114.119.0.0/24 is in block list but PetalBot IPs are still hitting the server.

Please suggest.

Regards,
Mehul

KianNH · July 12, 2022, 11:22am

Do you have a screenshot of your WAF rule?

Have you locked down the firewall on your server to only allow connections from Cloudflare’s IP ranges?

it135 · July 12, 2022, 11:37am

Please find the snapshot of the Bots rule added in WAF.

Regards,
Mehul

KianNH · July 12, 2022, 11:38am

That’s checking for a User-Agent that matches all of those - I think you want or, not and

It’s also equals - I doubt their User-Agent is exactly PetalBot - maybe you want contains?

it135 · July 12, 2022, 12:52pm

Thank you for the update, have used OR operator now and have updated the rules.

Will monitor it and update.

Please find below snapshot of LFD alert for PetalBot.

it135 · July 21, 2022, 6:28am

All sorted and blocks are working fine.

Thanks for assistance.

system · July 24, 2022, 6:28am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Petalbot not being blocked Security	9	2173	April 6, 2023
Help to explain this image security Security	3	1622	April 10, 2022
WAF rule with low and upper letters 2 Security	2	540	September 27, 2023
Rate Limiting Issue - how do I fix it? General	1	1031	July 21, 2023
Blocking a bot in WAF by IP range, ASN and Rules is not restricting it Security	4	1587	November 12, 2022