I am looking at a website under seige by DDOS attacks and now what the attackers are doing is hitting the URL and putting some random characters on the end that change every time.

One form is this: https://thewebsite.com/wp/wp-includes//8826641477)
The other form is this: https://thewebsite.com/wp/wp-includes/23626478191)

The difference is 1 versus 2 “/” characters and of course the random number at the end.

What kind of rule blocks this?

Edit: Check this https://developers.cloudflare.com/firewall/cf-firewall-language/operators

Thanks. That was helpful. I created one that’s working great, not just on that random nonsense, but anything else depending on referral url and/or a few other items.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.