What firewall rule should I create?

Hi, everyone. The IP in the screenshot visited my site so frequently. Does this mean it is a spam bot?


If I block this IP, it will use another IP to attack my site. So what firewall rule should I create? Is it better to create managed challenge for AS4771?

Thanks!

Did you find any other patterns e.g. the user agent and the URLs they hit your site? If no, send managed challenge to the entire AS4771 should be sufficient.

Thank you very much. Here is the pattern.

I will first block the ip in firewall->tools. What should I do next in terms of firewall rule?

Looks like it’s Apple mobile app traffic. Doesn’t look like spam.

If you still want to challenge them, you can combine both ASN and user agent while creating a firewall rule.

1 Like

Thank you. So, it is actually very normal to see frequent requests from the same IP address in such a short period of time as you can see in Post 1?

It’s common to see a user make tens or hundreds of requests within seconds (depending on how many resources are needed to load a webpage).

But if you are talking about the user making tons of requests for a few hours or maybe days, then something’s not right.

1 Like

Thank you very much. Then how I can identify spam traffic in Firewall Events? I don’t want to have managed change for all traffic forever.

You can refer to some of the topics here:

3 Likes

Thank you very much. I learned a lot.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.