WAF rule block good bots while it shoudn't

user90114 · July 22, 2023, 2:44pm

Hi,

I have blocked some AS Num including the ones from Google and some countries. However I wish Google’s bots can still crawl my content.

I have set the folllowing rule: (ip.geoip.asnum in {396982 15169} and not cf.client.bot)

However, here is an example of a Block from my event log:

IP address
34.155.98.40
ASN
AS396982 GOOGLE-CLOUD-PLATFORM
Country
France
User agent
Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.179 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

Is Cloudflare blocking a Google bot? I think so because of what is in bold.
What’s wrong with my rule?

Thanks

sandro · July 22, 2023, 2:48pm

No, that’s not a Google crawler, but someone posing as Google crawler using Google’s infrastructure. The block is working all right.

user90114 · July 22, 2023, 2:50pm

Alright, so most attackers are trying to fake good bots, I get it.

Thanks for the reply

sandro · July 22, 2023, 2:51pm

Yes, the Google user agent often is used in this context.

system · July 25, 2023, 2:52pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.