Pro Package

Yes I pay for the Pro package and have for some time. However, someone has initiated a spamming attack on me, and no alarm alert or anything from you guys…? Please tell me what I am misunderstanding and how to fix. I only want to allow US visitors. Thank you.

Just set up a Firewall Rule according to this Documentation:

Block all, but not from US


thank you for the reply- I used "if continent not North America then block. Is this correct?

It includes Canada aswell for example and it does not belong to the US. So you can add a additional filter that adds it to the block list if you wish it to be blocked.

Thank you for your support. I have adjusted the rule to exclude Canada. Now I am looking at my bot report. It looks like I am getting hit with 85% bot traffic.

I pay for the Pro Package. Why is there not some level of alert to let clients know that they are under attack or that something suspicious is going on?

Not to mention all the hits from other countries, that start all-of-a-sudden. I am now faced with another uphill climb back into Google’s rankings for the 3-pack, while also being a faithful customer.

Can you test my site and check for any other surprise misconfigurations? Do you have any other suggestions, or know how long it takes to pop back up after you’ve been removed entirely from the 3-Pack SERP?

I truly appreciate your help.



Not sure if this is “bot” traffic or just blocked traffic due to your rules to block everything beside requests from the US.

Like I said I am not sure yet if this was interpreted right and if this is something bad, or 85% users blocked for your site and not bad requests at all. I dont see the analytics/statistics. Also the pro package AFAIK does not include such notification. It brings for its $20/month a great collection on features which in my eyes is not offered by any other security company. So from my POV there is nothing to complain about. As all features that were advertised are working as advertised.

But you can feel free to submit a feature request and give some feedback what you would like to have to be more satisfied with Cloudflare.

Thats normal. Just think about it:
People/Crawler want to see your site and get blocked by Cloudflare, Cloudflare does not tell them what exactly you block and therefore they will use VPN/Proxy services to try and error to bypass your firewal rule. Using a VPN/Proxy loweres your trust score by a lot to a lot of them immediately get challenged with JS-Challenge or are immediately blocked because of the Firewall rule anyway.
For me having a peak with such traffic shortly after configurating such rules is very normal.

For testing your site I/we would at least need your domain.

Noitce: I am (as all other MVPs) not working for Cloudflare and we are just as you part of this great community. Therefore we can not check your configurations, as we do not have any access to your account. We can just work with the infos you provide to us and the experience we have.

Feel free to provide use with screenshots of your Firewall rules so we can have a look.

This topic is related to Google, so probably you will get the best and greatest help by asking in one of Googles community some of their experts. Make sure you do not block any of googles bots/crawlers or spiders! Even i they come from another country. But I apparently can not give you any advise on Google things, these are Googles rules, just make sure you are satisfying all their requirements and your page is how they like it then it will, if good enough come back, if it ever was there and no other competitors overtook you.

You are welcom!

I just turned that rule on today. But under the bot section it says only 16% is human…? And no alert for that? Is my site secure now after the rule I put in place— as long as the spammer isn’t from US? Can you tell me what you would recommend as far as different/additional rules to implement? I have never been attacked before. Thank you.

Let me explain that from my point of view:

This is the statistics for people that got challenged.
16% that has been challenged could verify and therefore are humans
84% that has been challenged could not verify and therefore has been threaten as bots and probably blocked.

The lower the human part is, the better Cloudflare did its job. 16% is actually very low. I will quickly tag other @MVP to ask what they think about this.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.