Rate limit based on the use of multiple user-agents by the same IP

There are different vulnerability scanners or tools that make multiple requests to a host, using a different user agent for each request. I want to block that behavior (that the same IP makes multiple requests in a period of time with multiple user agents).

I have checked on the docs and in the interface different combinations of expressions and counting expressions, but I haven’t seen something like this:

Expression:
(http.host eq "mycompany.com")
If the same IP address makes X number of requests with Y different number of user agents in 1, 5, 10 minutes, then block the requests for 5, 10, 60 minutes.

Is this possible somehow or is it a feature request? If it is the latter, how can I request it?

It is, but only for Business and higher:
See Rate limiting rules · Cloudflare Web Application Firewall (WAF) docs

I already have Enterprise, but the only related option available would be to set the counting expression based on a specific User Agent and that’s not what I want. Instead, I want to block requests from a user with the same IP that has requests with several different user agents to the same host in a determined period of time.
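The condition asked for in this thread (one IP, X requests with Y distinct user agents to one host inside a window, then a timed block), as an added example that is not part of the original posts and is not a Cloudflare rule or API: a sliding-window detector run over constructed request records. The class name, thresholds, record layout and sample IPs/user agents are all assumptions.

```python
from collections import defaultdict, deque

class UARotationDetector:
    """Block an IP that sends >= min_requests carrying >= min_agents distinct
    User-Agents to `host` within `window` seconds; hold the block `block_for` s."""

    def __init__(self, host, min_requests=5, min_agents=3, window=60, block_for=600):
        self.host, self.window, self.block_for = host, window, block_for
        self.min_requests, self.min_agents = min_requests, min_agents
        self.events = defaultdict(deque)  # ip -> deque of (ts, user_agent)
        self.blocked_until = {}           # ip -> epoch second the block ends

    def observe(self, ts, ip, host, user_agent):
        """Return 'block' or 'allow' for one request (ts in epoch seconds)."""
        if host != self.host:
            return "allow"                # rule is scoped to a single host
        if self.blocked_until.get(ip, 0) > ts:
            return "block"                # still inside the mitigation period
        q = self.events[ip]
        q.append((ts, user_agent))
        while q and q[0][0] <= ts - self.window:
            q.popleft()                   # drop requests older than the window
        distinct_agents = {ua for _, ua in q}
        if len(q) >= self.min_requests and len(distinct_agents) >= self.min_agents:
            self.blocked_until[ip] = ts + self.block_for
            q.clear()                     # start fresh once the block expires
            return "block"
        return "allow"

# Constructed sample records: (ts, ip, host, user_agent). Documentation IPs only.
HOST = "mycompany.com"
AGENTS = ["curl/8.0", "Mozilla/5.0 (X11)", "python-requests/2.31",
          "Wget/1.21", "Go-http-client/1.1"]
SAMPLE = []
for i, ua in enumerate(AGENTS):
    SAMPLE.append((i * 10, "198.51.100.7", HOST, ua))                # rotates agents
    SAMPLE.append((i * 10 + 5, "203.0.113.9", HOST, "Mozilla/5.0"))  # one agent only
SAMPLE += [(100, "198.51.100.7", HOST, "curl/8.0"),  # arrives during the block
           (700, "198.51.100.7", HOST, "curl/8.0")]  # arrives after it expired

def run(records, **thresholds):
    """Replay records through a fresh detector and return each decision."""
    detector = UARotationDetector(HOST, **thresholds)
    return [detector.observe(*record) for record in records]

if __name__ == "__main__":
    for record, decision in zip(SAMPLE, run(SAMPLE)):
        print(decision, record)
```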
