Someone attacking my site with Chrome-Lighthouse - how to limit?

My hosting company has been in touch with the below:

Your website is also receiving extremely high traffic from Google-based IP addresses which seem to belong to a Chrome-Lighthouse service:

'Mozilla/5.0 (Linux; Android 7.0; Moto G (4)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4590.2 Mobile Safari/537.36 Chrome-Lighthouse' | awk '{print $1}' | sort | uniq -c | sort -rn | head -10
7777 66.102.9.229
7174 66.249.93.133
5224 66.102.9.228
5200 74.125.208.69
5166 66.249.93.134
4883 66.102.9.230
4505 66.102.9.224
4116 66.249.93.132
3825 66.249.93.128
3377 74.125.208.70

Hi @sales135,

I can think of 2 possible solutions for your situation:

1. Custom WAF rule based on User Agent: Now that you have identified the User Agent of the requests doing the attack, you can implement a custom WAF rule filtering traffic by the user agent that belongs to the Chrome-Lighthouse requests. Then you can set the action to Managed Challenge. The rule should look similar to this:

You can always add more expressions to have control over the requests that are going to be Challenged.

You can read more information in our official documentation:

Note: You can block those IPs directly using a Custom WAF Rule, but the attacker can easily get another pool of IPs and your rule is no longer going to work.

2. Rate Limiting Rule: With this option you can rate limit the amount of requests made by individual IPs. You can filter the traffic here as well by Hostname, URI, Full URI, URI Query String, URI Path, etc.

A very generic Rate Limiting Rule will look something like this:

You can read more information in our official documentation:

I hope this information helps.
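As an added example that is not part of the original thread and not Cloudflare's own code, the script below models the two mitigations suggested in the answer against a constructed access log: a custom rule that matches the Chrome-Lighthouse User-Agent (in Cloudflare's Rules language that expression is `http.user_agent contains "Chrome-Lighthouse"`, modelled here as a plain substring match), and a per-IP rate limit with a mitigation timeout. The thresholds (5 requests per 10 seconds, 60-second block), the browser IP 203.0.113.7 and all log lines are assumptions made for the example. It also shows the trade-off behind the answer's note: a pool member that sends only a few requests slips under the rate limit but is still caught by the User-Agent rule.

```python
"""Model of a User-Agent WAF rule and a per-IP rate limit over sample logs.

Added example for the thread above; not Cloudflare's implementation. The
log lines, IP 203.0.113.7 and the rate-limit thresholds are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed thresholds (assumptions): 5 requests per 10 s, then block 60 s.
PERIOD = 10
REQUESTS_PER_PERIOD = 5
MITIGATION_TIMEOUT = 60

# The answer's rule: http.user_agent contains "Chrome-Lighthouse"
UA_NEEDLE = "Chrome-Lighthouse"

# Combined Log Format: ip - - [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

LIGHTHOUSE = ("Mozilla/5.0 (Linux; Android 7.0; Moto G (4)) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/94.0.4590.2 Mobile Safari/537.36 "
              "Chrome-Lighthouse")
BROWSER = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36")


def _clf(ip, hhmmss, ua, path="/"):
    """Build one constructed Combined Log Format line (sample data only)."""
    return (f'{ip} - - [10/Oct/2021:{hhmmss} +0000] "GET {path} HTTP/1.1" '
            f'200 5120 "-" "{ua}"')


# Constructed log: an 8-request Lighthouse burst from one IP, a single
# Lighthouse request from a second pool IP, and a normal browser session.
SAMPLE_LOG = (
    [_clf("66.102.9.229", f"13:55:0{s}", LIGHTHOUSE, f"/page{s}") for s in range(8)]
    + [_clf("66.249.93.133", "13:55:03", LIGHTHOUSE)]
    + [_clf("203.0.113.7", t, BROWSER) for t in ("13:55:01", "13:55:30", "13:56:02")]
)


def parse_line(line):
    """Parse a CLF line into ip, epoch timestamp and user agent."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return {"ip": m["ip"], "ts": ts, "ua": m["ua"]}


def matches_ua_rule(rec):
    """Equivalent of the custom rule expression on http.user_agent."""
    return UA_NEEDLE in rec["ua"]


class FixedWindowRateLimiter:
    """Per-IP fixed-window counter with a mitigation timeout.

    Models a rate limiting rule keyed on the client IP: once an IP exceeds
    `limit` requests inside one `period`, every request from it is blocked
    until `timeout` seconds after the request that tripped the rule.
    """

    def __init__(self, period, limit, timeout):
        self.period, self.limit, self.timeout = period, limit, timeout
        self.state = {}  # ip -> [window_start, count, blocked_until]

    def check(self, ip, ts):
        st = self.state.setdefault(ip, [ts, 0, float("-inf")])
        if ts < st[2]:
            return "block"           # still inside the mitigation timeout
        if ts - st[0] >= self.period:
            st[0], st[1] = ts, 0     # start a fresh counting window
        st[1] += 1
        if st[1] > self.limit:
            st[2] = ts + self.timeout
            return "block"
        return "allow"


def evaluate(lines, period=PERIOD, limit=REQUESTS_PER_PERIOD,
             timeout=MITIGATION_TIMEOUT):
    """Replay log lines in time order; count UA-rule hits and rate-limit blocks per IP."""
    records = sorted((parse_line(l) for l in lines), key=lambda r: r["ts"])
    limiter = FixedWindowRateLimiter(period, limit, timeout)
    summary = defaultdict(lambda: {"requests": 0, "ua_rule": 0, "rate_limited": 0})
    for rec in records:
        s = summary[rec["ip"]]
        s["requests"] += 1
        s["ua_rule"] += matches_ua_rule(rec)
        s["rate_limited"] += limiter.check(rec["ip"], rec["ts"]) == "block"
    return dict(summary)


def ua_only_ips(summary):
    """IPs the UA rule would challenge that the per-IP rate limit never touched."""
    return sorted(ip for ip, s in summary.items()
                  if s["ua_rule"] and not s["rate_limited"])


if __name__ == "__main__":
    result = evaluate(SAMPLE_LOG)
    for ip, s in sorted(result.items()):
        print(f"{ip:15} {s}")
    print("caught by UA rule only:", ua_only_ips(result))
```

With the constructed thresholds the bursting IP has 3 of its 8 requests blocked by the rate limit (the 6th request trips it and the rest fall inside the 60-second timeout), while 66.249.93.133 sends a single request and is never rate limited; only the User-Agent rule reaches it. Tune `PERIOD` and `REQUESTS_PER_PERIOD` to your real traffic before applying either rule in production.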
