Question re Blocking Rate of Firewall Rules

Yesterday was my first time to set up some basic firewall rules. I noticed today that many bot requests are now blocked, but many are still reaching the server, despite the fact they they violate a firewall rule.

I was wondering:

  • If a less than 100% block rate is normal and to be expected, or
  • Whether it perhaps takes some period of time longer than 48 hours for the firewall rules to reach something approaching a 100% block rate, or
  • Whether the firewall rules need some further tightening.

Here’s a sampling of three of the rules, each followed by requests that still managed to reach the server:

RULE: (http.request.uri.path contains “/contact”)
/contact → x 6 server requests
/contact/ → x 5 server requests

RULE: (http.request.uri.path contains “ads.txt”)
/app-ads.txt

RULE: (http.request.uri.path contains “.cgi”)
/cgi-sys/defaultwebpage.cgi

First, have you locked your server to only respond to Cloudflare IP addresses? IP Ranges | Cloudflare

I have not locked the server to only respond to Cloudflare IP addresses.

Is that something that I should expect or request from my hosting provider, or is that something that must be added to the server application code? If the latter, is there any documentation that you might recommend for learning how to do this?

Thank you for linking that list.

It probably can be done with your hosting provider, on their firewall.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.