When should I block a range of ip instead of a single ip

What is the name of the domain?

stevebrown.us

What is the issue you’re encountering?

I’m a newby to all this. I have a personal website that is very elementary but has a store with a contact form. Was getting lots of phony replies which were easy to identify but annoying. My hosting service recommended a free Cloudflare account. This has reduced but not eliminated the spam/scam, so I am trying to block the ip whenever a new email comes in. The hosting service did it for me at first, but I want to do it myself. Is there any rule when you should just block the ip 196.196.53.99 vs the range 196.196.53.0/24?

What steps have you taken to resolve the issue?

None

You’ll be playing whack-a-mole for a very long time. Most of the time, those are essentially disposable IP addresses, and they’ll move on to others.

The better option would be to put a challenge page in front of it with a WAF Rule:


As I said, I have a free account and don’t think I can create a custom rule. I’m not disputing the disposable IP address problem, but I was wondering whether the perps tend to operate through a cluster of IP addresses that might be blocked as an IP range. And as I said, these emails are just an annoyance and not much of a threat. So did I over-react by signing up for the Cloudflare reverse proxy?

You most certainly can create a Custom Rule in a Free Plan. Please follow the directions in the link I provided.

Not likely. They tend to rotate through providers, so you’d end up seeing completely different IP addresses.

Sorry. I’m so new to this that when I opened Security>WAF and it opened to Managed Rules, I didn’t notice the Custom Rules tab. Do I already have a challenge page, maybe the JS challenge? When I visit stevebrown.us, there is a brief “verifying you are human” screen, without the need to check a box. Do I need another or different page? I think the current setup is keeping robots from seeing my form page, which sends the user to mail.php, the script that sends the emails to me. But it apparently doesn’t keep the perps from getting to mail.php another way, perhaps using manual input from a stored form page that isn’t on my website. What kind of custom rule would help with that?

Hello,

Sorry. I’m so new to this that when I opened Security>WAF and it opened to Managed Rules, I didn’t notice the Custom Rules tab

Based on my observation, I am able to see the Custom Rule.

For further information, kindly review these documents, which might be helpful:

Thank you

Thanks. I did find the custom rules page. I also discovered from my visitor logs that most of the annoying emails come from a User Agent “Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)”. I’ve never created a rule. Would the syntax be Expression: https.user_agent eq “GPTBot/1.2; +https://openai.com/gptbot” with Action: Block? Or do I need to copy the entire string starting with Mozilla? Or something else?

For simplicity, I use a “Contains” instead of equals. Then I select a very specific piece of the UAS, like “GPTBot”. That way, if they up the version to 1.3, or some other minor change, it’ll still block.

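To make the two choices in this thread concrete (single IP vs. a /24 range, and `eq` vs. `contains` on the user agent), here is a small added example that is not part of the thread or of Cloudflare’s rules engine. It replays constructed requests through Python stand-ins for the rule operators; the request data are made up, and the `http.user_agent` / `ip.src` field names in the comments are the Cloudflare rule fields the stand-ins imitate.

```python
import ipaddress

# Constructed sample requests to mail.php (not real traffic). The two GPTBot
# entries mirror the user agent quoted in the thread plus a version bump.
REQUESTS = [
    {"ip": "196.196.53.99",
     "ua": "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; "
           "GPTBot/1.2; +https://openai.com/gptbot)"},
    {"ip": "196.196.53.120",
     "ua": "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; "
           "GPTBot/1.3; +https://openai.com/gptbot)"},
    {"ip": "203.0.113.7",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/128.0"},
]

def ua_eq(value):
    """Stand-in for: http.user_agent eq "<value>" (whole-string match)."""
    return lambda req: req["ua"] == value

def ua_contains(value):
    """Stand-in for: http.user_agent contains "<value>" (substring match)."""
    return lambda req: value in req["ua"]

def ip_eq(addr):
    """Stand-in for: ip.src eq <addr> (one address only)."""
    target = ipaddress.ip_address(addr)
    return lambda req: ipaddress.ip_address(req["ip"]) == target

def ip_in(cidr):
    """Stand-in for: ip.src in {<cidr>} (every address in the range)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return lambda req: ipaddress.ip_address(req["ip"]) in net

def blocked(rule, requests=REQUESTS):
    """Return the source IPs the rule would block, in request order."""
    return [r["ip"] for r in requests if rule(r)]

if __name__ == "__main__":
    cases = [
        ("eq on a fragment (misses: the UA starts with Mozilla)",
         ua_eq("GPTBot/1.2; +https://openai.com/gptbot")),
        ("eq on the full string (misses the 1.3 bump)", ua_eq(REQUESTS[0]["ua"])),
        ("contains GPTBot (catches both versions)", ua_contains("GPTBot")),
        ("single IP", ip_eq("196.196.53.99")),
        ("/24 range", ip_in("196.196.53.0/24")),
    ]
    for label, rule in cases:
        print(f"{label}: {blocked(rule)}")
```

The `eq` cases show why the fragment quoted in the question would match nothing and why a version bump escapes an exact match, while the range case shows that a /24 only helps when the unwanted traffic actually stays inside that block.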

Thanks. I suspected that might be possible, and I’ve added the rule. Am I correct that Cloudflare recommends the custom rule over the User Agent rule available under Tools?
