There is no option to ban one IP wen abuse and detected by waf rules?
Or i missing something?
I assume it would need to be some script-like thing to automate the process, otherwise you could go another way.
Furthermore, as far as I see from the provided screenshot above, you can see the “paths” where are the requests comming.
By that, you can create a
Firewall rule which would block any requests that contains “.env”. That way, anyone trying to scan/access the “.env” will get an Cloudflare default error page “Access Denied (Error: 1020)”.
Firewall → Firewall Rules → Create a Firewall rule
(http.request.uri contains ".env")
Therefore, as you would have the IP address(es), without a script, you can manually add them either to
IP Access Rules (Firewall → Tools → IP Access Rules) with action “block” or inside the
Firewall Rule, again with the action “block”.
That wont ban the IP.
I know how to create rules.
I am afraid you cannot “ban” it as you mean for a “ban”, you can block requests from that IP.
If interested, I believe you can gather them from Firewall events/log and then ban the IP address(es) on your host/server via fail2ban or some other service.
Great! I strongly recommend using them wisely to block bad bots and prevent potentially bad requests comming to your sites
We plan on releasing (open source) a project that achieves something like this, once it’s out I will post it on the community
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.