So I have a rule in WAF
“If ip not in my country (BY) - block”
(ip.geoip.country ne “BY”)
but some packets not from BY “go to site good”, why? In log file I see ip not from Belarus
And other questions - which rule I can use when attack goes from http://minterne.co.uk/mjs/plugins/content/plugin_googlemap2_proxy.php?url=XXXXX - and I need block by text “plugins” or “plugin_googlemap2”
Where are you seeing logs of IPs that aren’t from Belarus? If it is on your server, then it is possible that people or bots are connecting directly to your server’s IP address and not through Cloudflare.
One thing to consider is future usage of the words. If you are confident that no future URLs are going to contain
plugin then you can make a rule like:
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.