Currently using WAF Custom Rules with this expression:
(lower(http.user_agent) contains "bytespider") or (lower(http.user_agent) contains "amazonbot") or (lower(http.user_agent) contains "meta-externalagent") or (lower(http.user_agent) contains "facebookexternalhit") or (lower(http.user_agent) contains "semrush") or (lower(http.user_agent) contains "claudebot") or (lower(http.user_agent) contains "ahrefsbot") or (lower(http.user_agent) contains "dotbot")
Cloudflare blocks all requests matching those user agents coming from IPv4 addresses. However, looking at our server logs, we can see that requests that come from IPv4-mapped IPv6 addresses are not blocked.
Here’s an example of two requests from AhrefsBot within 5 seconds of each other:
8:32:20 PM - 54.36.148.150 | Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/) - blocked, shown under Cloudflare firewall events, not seen in our server logs
8:32:25 PM - ::ffff:54.36.149.20 | Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/) - NOT blocked, not shown under Cloudflare firewall events, visible in our server logs
As far as I am blocking the ASNs, therefore it's blocked at the IP Access Rules via multiple ASNs. Will give it a try with another CF account via WAF Rule to test out the UA for IPv4/IPv6 if it catches it.
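An origin-side check for the gap described in the first post, added here as an example and not code from anyone in the thread: it scans origin log lines, applies the same lowercase substring match as the WAF expression, and unwraps IPv4-mapped IPv6 addresses so each hit can be compared against Cloudflare firewall events. The log layout, function names and sample lines are assumptions modelled on the two lines quoted in the post.

```python
import ipaddress
import re

# User-agent substrings taken from the WAF expression in the post.
BLOCKED_UA_SUBSTRINGS = (
    "bytespider", "amazonbot", "meta-externalagent", "facebookexternalhit",
    "semrush", "claudebot", "ahrefsbot", "dotbot",
)

# Assumed origin log layout: "<time> - <client ip> | <user agent>"
LINE_RE = re.compile(r"^(?P<time>.+?) - (?P<ip>[0-9A-Fa-f:.]+) \| (?P<ua>.*)$")

def normalize_ip(raw):
    """Return (canonical address, True if raw was an IPv4-mapped IPv6 address)."""
    addr = ipaddress.ip_address(raw)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped, True
    return addr, False

def audit_origin_log(lines):
    """List requests that reached the origin although their UA matches the rule."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a request line in the assumed layout
        ua = m.group("ua").lower()  # same lower() + contains logic as the rule
        hit = next((s for s in BLOCKED_UA_SUBSTRINGS if s in ua), None)
        if hit is None:
            continue
        try:
            addr, mapped = normalize_ip(m.group("ip"))
        except ValueError:
            continue  # malformed address field
        findings.append({"time": m.group("time"), "ip": str(addr),
                         "mapped": mapped, "matched": hit})
    return findings

# Constructed sample origin log (first line mirrors the post; the rest are made up).
SAMPLE_LOG = [
    "8:32:25 PM - ::ffff:54.36.149.20 | Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)",
    "8:33:02 PM - 203.0.113.7 | Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0",
    "8:34:10 PM - 2001:db8::15 | Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)",
]

if __name__ == "__main__":
    for finding in audit_origin_log(SAMPLE_LOG):
        print(finding)
```

Every finding is a request that matched the rule's user-agent list yet reached the origin; the `mapped` flag shows whether the logged client address was in `::ffff:a.b.c.d` form.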