What is the name of the domain?
example.com
What is the error number?
WAF Custom Rules not blocking bots
What is the error message?
No error message
What is the issue you’re encountering
I just started using Cloudflare to redirect (301) traffic from multiple dating domains I have to offers on dating networks to try and stop all the bot traffic which is messing up my stats. All the bots are trying common pages like mydomain/wp, mydomain/wordpress, mydomain/xmlrpc etc. which don’t exist. I read up that just using WAF that replaced the firewall rules would block these, but it’s still not working.
What steps have you taken to resolve the issue?
I have Full (Strict) SSL/TLS and set the rules as shown in the screenshots. But the bots are still getting through. I’m on the Cloudflare Free Plan.
Screenshot of the error
I replicated your simple rule on my test domain, and requests to /wp
and /wordpress
are blocked as espected: https://www.cftest.fun/wp
Is the domain proxied ()?
If the traffic is not going through Cloudflare’s Proxy, most of Cloudflare’s features (including WAF) aren’t going to work.
Hi George,
Thank you for your quick reply, I have Full (strict) SSL/TLS enabled. But maybe not proxied as you suggested, could you please link to the instructions on how to do this, or please tell me?
Many thanks for your help.
If Cloudflare’s Universal SSL is indeed working for your domain, then the domain must necessarily be proxied.
But you can look over your Cloudflare DNS records to confirm to the Proxy Status.
NB: If you have access to DM, you can DM me your domain so I can test it from my side of the pond.