We are currently being spammed by the referer urlumbrella.com, sending a lot of bot traffic to our website bubliq.com
We have tried to create a WAF rule, blocking the referer urlumbrella.com, and the IP-address’ associated with this domain. The traffic is still not being blocked. In the field we use “contains” for the referer name, and “equals” for the IP-address.
We have read the documentation on how to create WAF rules, but cannot figure out if we are missing something.
Here’s the expression Cloudflare generates from the referer and URL we inserted:
(http.referer contains “trafficdrive.xyz”) or (http.referer contains “nfocusdriver.com”) or (http.referer contains “urlumbrella.com”) or (ip.src eq 172.67.147.164) or (ip.src eq 104.21.47.124)
How are you assessing this? If you see this traffic in your Google Analytics reports, please keep in mind that there’s an old, persistent referrer spam technique in GA that does not depend on visitors actually visiting your website (and therefore cannot be handled by Cloudflare products.)
Otherwise, if you’re seeing these referrers in your origin logs, you should make sure you origin only allows requests from Cloudflare IPs.
Hello, I have the same problem, spam from urlumbrella or (not set) referals from severals countries (russia, indonesia, etc), generating page views without doing nothing and without any access logs.
So as @cbrandt said, it seems to be a GA4 spam.
How can we get rid of it as it has not always a referal set.
And therefore an issue that you guys have to bring to another forum, as it falls outside the scope of this community. Perhaps you should try Google Analytics Community