Yesterday was my first time setting up some basic firewall rules. I noticed today that many bot requests are now blocked, but many are still reaching the server, despite the fact that they violate a firewall rule.
I was wondering:
- If a less than 100% block rate is normal and to be expected, or
- Whether it perhaps takes some period of time longer than 48 hours for the firewall rules to reach something approaching a 100% block rate, or
- Whether the firewall rules need some further tightening.
Here’s a sampling of three of the rules, each followed by requests that still managed to reach the server:
RULE: (http.request.uri.path contains "/contact")
/contact → x 6 server requests
/contact/ → x 5 server requests
RULE: (http.request.uri.path contains "ads.txt")
RULE: (http.request.uri.path contains ".cgi")