PetalBot IPs are bypassing WAF rule and hitting the server

Hi Team,

We have created Bad bots WAF rule for domain but still the PetalBot IPs are getting bypassed and hitting the server

Also the IP range is is in block list but PetalBot IPs are still hitting the server.

Please suggest.


Do you have a screenshot of your WAF rule?

Have you locked down the firewall on your server to only allow connections from Cloudflare’s IP ranges?

Please find the snapshot of the Bots rule added in WAF.


That’s checking for a User-Agent that matches all of those - I think you want or, not and

It’s also equals - I doubt their User-Agent is exactly PetalBot - maybe you want contains?


Thank you for the update, have used OR operator now and have updated the rules.

Will monitor it and update.

Please find below snapshot of LFD alert for PetalBot.

All sorted and blocks are working fine.

Thanks for assistance.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.