WAF rules bypassed by multiple simultaneous requests

Is there a way to block multiple requests from the same IP happening at once?

I’ve spotted a couple of situations in Firewall Events where it seems like the WAF checks aren’t working as they should.

Scenario 1:

There are 3 or 4 simultaneous events, going down the same path, from the same IP address, but using 3 different user agents. One of them seems to get through because I see them appear in Google Analytics real-time. Considering the different user agents, we can assume these are distinct requests, correct?

Scenario 2:

Pretty much the same as above, but on different paths.

The timings might be off by 1 or 2 seconds.

I’ve been thinking about setting up rate limiting rules, but I’m not sure if that’s the right move. Any advice would be really helpful.

Thanks!

Hi @more.fun

I would definitely recommend creating a Rate Limiting Rule.

I would also recommend that you block automated traffic by enabling Bot Fight Mode.

Hi @louise2

Super Bot Fight Mode has been enabled since I implemented Cloudflare, but that doesn’t seem to help with this issue.

Can you please elaborate on the Rate Limiting Rule that I could implement for the mentioned scenarios? I don’t want to block legitimate requests.

In the mentioned scenarios, we have 3 or 4 simultaneous requests. If I set up a Rate Limiting Rule with “requests = 3” and “period = 10 seconds”, will that also block a legitimate user who quickly navigates the main menu and clicks 3 or 4 times in the menu? Or even a user who quickly clicks on several links within the same time period?

Thanks
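To make the trade-off in the question above concrete, here is a small simulation (added for this thread; it is not Cloudflare's code and not the poster's) that runs a sliding-window request counter keyed by client IP over two constructed event sets: the first models Scenario 1 (one IP, one path, three user agents within about two seconds), the second models an ordinary visitor clicking four menu links inside ten seconds. The IPs, user-agent labels and timestamps are made up, and the trigger condition (more than `requests` hits inside any `period`-second window) is an assumption about how the threshold applies. A second helper counts distinct User-Agent strings per IP per window, which is the feature that separates the two cases in the logs.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Event = (timestamp_seconds, client_ip, path, user_agent)
Event = Tuple[float, str, str, str]

# Constructed sample events (not real Firewall Events), modelled on the thread:
# one IP hitting the same path with three different user agents in ~2 seconds.
SCENARIO_1: List[Event] = [
    (0.0, "198.51.100.7", "/products", "UA-A"),
    (0.4, "198.51.100.7", "/products", "UA-B"),
    (1.1, "198.51.100.7", "/products", "UA-C"),
    (1.9, "198.51.100.7", "/products", "UA-A"),
]

# Constructed: a legitimate visitor clicking through the main menu quickly.
LEGIT_USER: List[Event] = [
    (0.0, "203.0.113.5", "/", "UA-Browser"),
    (2.5, "203.0.113.5", "/about", "UA-Browser"),
    (4.0, "203.0.113.5", "/products", "UA-Browser"),
    (7.2, "203.0.113.5", "/contact", "UA-Browser"),
]


def keys_over_limit(events: List[Event], requests: int, period: float,
                    key=lambda e: e[1]) -> Set[str]:
    """Return the keys (client IP by default) whose request count exceeds
    `requests` inside any sliding window of `period` seconds.

    Simplified sliding-window counter for illustration only; the trigger
    condition (count > requests) is an assumption, not Cloudflare's exact
    semantics."""
    by_key: Dict[str, List[float]] = defaultdict(list)
    for e in events:
        by_key[key(e)].append(e[0])
    flagged: Set[str] = set()
    for k, stamps in by_key.items():
        stamps.sort()
        j = 0
        for i, start in enumerate(stamps):
            # Advance j to the first timestamp at or beyond start + period,
            # so stamps[i:j] is exactly the window starting at this request.
            while j < len(stamps) and stamps[j] < start + period:
                j += 1
            if j - i > requests:
                flagged.add(k)
                break
    return flagged


def max_distinct_user_agents(events: List[Event], period: float,
                             key=lambda e: e[1]) -> Dict[str, int]:
    """For each key, the largest number of distinct User-Agent strings seen
    inside any `period`-second window.  Several user agents from one IP within
    a few seconds is the pattern described in the thread; this is a heuristic
    for reviewing exported logs, not a Cloudflare feature."""
    by_key: Dict[str, List[Tuple[float, str]]] = defaultdict(list)
    for e in events:
        by_key[key(e)].append((e[0], e[3]))
    result: Dict[str, int] = {}
    for k, items in by_key.items():
        items.sort()
        best = 0
        for i, (start, _) in enumerate(items):
            uas = {ua for ts, ua in items[i:] if ts < start + period}
            best = max(best, len(uas))
        result[k] = best
    return result


if __name__ == "__main__":
    for name, evs in (("scenario 1", SCENARIO_1), ("legit user", LEGIT_USER)):
        print(name,
              "over 3/10s:", keys_over_limit(evs, 3, 10),
              "distinct UAs per 10s:", max_distinct_user_agents(evs, 10))
```

Running it shows that a plain IP-keyed rule of 3 requests per 10 seconds flags both event sets, so on its own it would catch the fast-clicking visitor as well as the suspicious burst; the distinct-user-agent count (3 for the burst, 1 for the visitor) is what tells them apart when reviewing the events.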
