Was under attack

Website, Application, Performance Security Center
1

God, I got someone attacking my site, and you can’t even block it via user agent cos there is none.
see details below:

172.71.130.121 - - [14/Nov/2023:23:15:45 +0800] "GET avec-bandouliere-pour-femmes?attribute_color=Marron&gclid=EAIaIQobChMI86Hl99i_ggMVVJuDBx3qSQzhEAQYFiABEgI6k_D_BwE HTTP/2.0" 200 77926 "-" "-"
141.101.69.119 - - [14/Nov/2023:23:15:46 +0800] "GET ac-a-main-en-cuir-veritable?attribute_color=Marron&gad_source=1&gclid=EAIaIQobChMIvIPa8di_ggMVyTiDAx3k9AhQEAQYBCABEgLuCPD_BwE HTTP/2.0" 200 75198 "-" "-"
172.71.123.5 - - [14/Nov/2023:23:15:49 +0800] "GET en-cuir-veritable?attribute_color=Noir&gad_source=1&gclid=EAIaIQobChMIvenPitm_ggMVjQl7Bx171AfREAQYKyABEgKAW_D_BwE HTTP/2.0" 200 75118 "-" "-"
172.71.130.93 - - [14/Nov/2023:23:15:50 +0800] "GET perieure-en-cuir-veritable5?attribute_color=Marron&gclid=EAIaIQobChMI86Hl99i_ggMVVJuDBx3qSQzhEAQYAyABEgKaXvD_BwE HTTP/2.0" 200 88591 "-" "-"
172.71.135.4 - - [14/Nov/2023:23:15:51 +0800] "GET vec-bandouliere-pour-femmes?attribute_color=Marron&gclid=EAIaIQobChMI86Hl99i_ggMVVJuDBx3qSQzhEAQYFiABEgI6k_D_BwE HTTP/2.0" 200 77839 "-" "-"

They got somany IPs, I don’t even know how to block them, I turn on Under Attack Mode and MY CPU is good now.

Any other solutions?

4

http.user_agent” will be empty, when clients explicitly set an empty User-Agent, or leave it unset.

So to force clients to set a User-Agent, and combat the issue you explain, you can do something like this:

cloudflare_community_581048_block_empty_user_agent
cloudflare_community_581048_block_empty_user_agent924×602 15.7 KB

Random User-Agents would still pass through that rule, such as for example:

User-Agent: spaghetti
User-Agent: aaa
User-Agent: 123