My site is being massively ddos at the moment and I managed to set up some rules (in my Cloudflare firewall ruels as well as the .htaccess on my web server) to block some requests.
I’ve also got the Web Application Firewall enabled. However, I still see some requests on my Apache logs that should actually be blocked (and they don’t appear in the Apache error logs where they should be denied).
This is an example of the request that is currently DDOS my website and even with all the rules, is still performing attacks :
mediarepscom-7.as22384.net - - [18/Jan/2020:12:13:34 +0100] "GET /search.php?query=CandyCourt%20Snaps&do=process&securitytoken=guest HTTP/1.1" 301 317 "-" "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.5.24 Version/10.54"
I’ve set 2 rules within Cloudflare firewall :
(http.host contains “mediarepscom-7.as22384.net”)
(http.user_agent contains “Presto/2.5.24”)
I see that “Activity last 24hr” is set to 0, whereas my Apache logs clearly show that those requests are interfering with my server…
Thanks for helping me