WAF rule for blocking IP

jviola · February 19, 2025, 7:17am

What is the correct WAF rule to block IP adresses who is “visiting” our website 35+ times / sec?

Blocking the requested IP adress manual

fritex · February 19, 2025, 11:54am

May I ask if the IP address is always the same or it changes?, furthermore is the path of the visit the same or changes as well?

If you’re using a Pro plan, I’d suggest using Rate Limiting rule would help in such case:

Otherwise, IP Access Rules:

jviola · February 19, 2025, 8:48pm

The IP changes when I blocked it.
Always VPN (HidemyIP)
The “rule” must me 20x/sec knocking with the IP is block / add firewall

jviola · February 19, 2025, 8:55pm

AND no pro plan, only free plan

albert · February 19, 2025, 8:58pm

You can create a single rate limiting rule on the free plan too:

jviola · February 19, 2025, 9:08pm

Whre is this setting?
Under: Rate limiting rules
I got also Field - Oparator and Value

albert · February 19, 2025, 9:19pm

Click edit expression and type “true” to match all requests.

jviola · February 19, 2025, 9:25pm

Topic		Replies	Views
WAF Block Rule doesn't actually block Security	7	38	February 28, 2025
Auto IP Blocking System Security	2	1859	January 10, 2024
Need help with Setting Rate Limiting Rules Security	4	3183	July 28, 2019
Basic WAF blocking rules seem to not be blocking Security	14	2307	April 10, 2023
Block IP completely if it triggers another Security rule? Security	2	514	December 30, 2023