Hi all!
I have a WAF rule for our site that will display a managed challenge when users hit a certain page on our CMS:
I can see in the Event summary that the rule is firing and I am getting IPs displaying the managed challenge. However, we have New Relic plugged into this site, and I occasionally get large numbers of hits on the exact page that I am blocking.
How could these requests be getting through? I am assuming they are not physical users making the request, because I am seeing 100s of requests happening in a minute. I am assuming this is a bot hitting the login page. But I would think that any bot should have trouble with the managed challenge page and not be let through?
I don't want to completely block this page, as we have several legitimate users that would need to access it, and their IP changes, so I can't really use an IP whitelist.
Any other options or thoughts as to why I still see so much traffic making it through the rule?
Thanks!