Regarding HTTP Version

I have attacking requests from
HTTP/3 Can I block this or is there also legitimate traffic coming from HTTP/3
What is the type that works with Windows and phone browsers more?

Without knowing some more details, until then may I suggest you to look into the below two articles:

Last but not the least, kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection:

User-agents can be changed, so it might mimic the real phone web browser, while it’s not.

Other way would be to setup some custom-made Cloudflare Firewall Rules, or use some of the existing or combination of them with blocking modes and security options (referenced the links from above).

Nevertheless, you could try out a Pro plan and Web Application Firewall and Managed WAF Rules which you can enable with a single click to protect your WordPress (not just admin area, rather more of it in terms of possible vulnerabilities, scans, etc.).

Pro plan offers “Web Application Firewall” (Managed WAF Rules), “Cloudflare Managed Ruleset” and “Package: OWASP ModSecurity Core Rule Set” which we can enable with a single click and configure per demand :wink:

Combining this with custom Firewall Rules and other security & protection options we have at Cloudflare, per our need, we get a really good one.

Despite of this, Pro plan has got an option to “Configure Super Bot Fight Mode” to challenge “Definitely automated” bots.

Furthermore, you can use Firewall Rules to block AS numbers or more - and even more like old HTTP/1.0 requests, or block some known “bad” user-agents, crawlers, etc.

Under the Firewall Setings, you can set the Security Level, Challenge Passage, enable Browser Integrity Check and few others.

You could also track your Firewall Events and check for any suspicious or being challenged or blocked, that way you can tune-up and adapt your security settings as you need.

You could also enable the Rate Limiting option under the Firewall tab of Cloudflare dashboard.

Therefore, some Firewall Tips are published here:

Using the search :search: :

1 Like

HTTP/2 and HTTP/3 are the most used HTTP versions at the moment, you shouldn’t block them.


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.