WAF - Definition to ban automatic

Is there no option to ban an IP when abuse is detected by WAF rules?

Or am I missing something?

I assume it would need to be some script-like thing to automate the process, otherwise you could go another way.

Furthermore, as far as I see from the provided screenshot above, you can see the “paths” where the requests are coming.
By that, you can create a Firewall rule which would block any requests that contain “.env”. That way, anyone trying to scan/access the “.env” will get a Cloudflare default error page “Access Denied (Error: 1020)”.

Firewall → Firewall Rules → Create a Firewall rule

  • Provide a name
  • Select the needed options (URI …), or just click on the “Edit expression” and copy-paste the code from below
  • Select the action from dropdown menu “Block”
  • Save the rule by clicking the button “Deploy”

Expression code:

(http.request.uri contains ".env")


Therefore, as you would have the IP address(es), without a script, you can manually add them either to IP Access Rules (Firewall → Tools → IP Access Rules) with action “block” or inside the Firewall Rule, again with the action “block”.

That won't ban the IP.

I know how to create rules.

I am afraid you cannot “ban” it as you mean for a “ban”, you can block requests from that IP.

If interested, I believe you can gather them from Firewall events/log and then ban the IP address(es) on your host/server via fail2ban or some other service.
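
Added example (not part of the thread or any poster's code): one way to turn exported firewall events into a list of repeat-offender IPs for a host-side ban tool. The one-JSON-object-per-line layout, the field names `ClientIP`, `Action` and `ClientRequestPath`, the action values and the threshold are assumptions; the sample events are constructed.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample export, one JSON event per line. The field names
# (ClientIP, Action, ClientRequestPath) are assumed; adjust to your export.
SAMPLE_EVENTS = """\
{"ClientIP": "203.0.113.7", "Action": "block", "ClientRequestPath": "/.env"}
{"ClientIP": "203.0.113.7", "Action": "block", "ClientRequestPath": "/api/.env"}
{"ClientIP": "203.0.113.7", "Action": "block", "ClientRequestPath": "/app/.env"}
{"ClientIP": "198.51.100.20", "Action": "block", "ClientRequestPath": "/.env"}
{"ClientIP": "192.0.2.55", "Action": "allow", "ClientRequestPath": "/index.html"}
{"ClientIP": "not-an-ip", "Action": "block", "ClientRequestPath": "/.env"}
this line is not JSON
"""

BLOCKING_ACTIONS = {"block", "challenge"}  # assumed action values


def repeat_offenders(lines, threshold=3, allowlist=()):
    """Return sorted IPs with at least `threshold` blocked events."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    hits = Counter()
    for line in lines:
        try:
            event = json.loads(line)
            # Validate the address so garbage never reaches the ban tool.
            ip = ipaddress.ip_address(event["ClientIP"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed lines and invalid addresses
        if event.get("Action") not in BLOCKING_ACTIONS:
            continue
        if any(ip in net for net in allowed):
            continue  # never ban your own monitoring or office ranges
        hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    for ip in repeat_offenders(SAMPLE_EVENTS.splitlines()):
        print(ip)
```

The printed list is one address per line, so it can be piped into whatever performs the ban on the host.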

Great! I strongly recommend using them wisely to block bad bots and prevent potentially bad requests coming to your sites :wink:

We plan on releasing (open source) a project that achieves something like this. Once it’s out, I will post it on the community :smiley:

@jnperamo great news!

Furthermore, check the below article too :wink:

Thanks to @eva2000 :+1:

