by codegeek
1345 days ago
You have to get more aggressive, unfortunately, which may sometimes block real users, but do the following:

- Set up a captcha or just block users from certain countries if you know where your traffic comes from. This can sometimes create issues for your users on VPN, but then you have to make the call depending on how many of your users may be using a VPN, etc. At the minimum, add a captcha.
- Create more Page Rules in Cloudflare and block if they don't match the rule. For example, if your URLs start with a specific prefix, drop anything that is not a match.
- Make sure to return 444 status from your server directly if bots are bypassing Cloudflare and hitting the IP directly. Sample code for nginx 1.19 or higher:

    server {
        # Catch-all for requests whose Host/SNI matches no configured server_name
        listen 80 default_server;
        listen [::]:80 default_server;
        # "ssl" is required on the listener for ssl_reject_handshake to apply
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        ssl_reject_handshake on;
        server_name _;
        # 444 closes the connection without sending a response
        return 444;
    }

If bots are getting too aggressive, I start with Block first, ask questions later. Depending on your traffic and users, it may be the right strategy.
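
One way to check whether the catch-all block from the comment above is doing its job, as an added example that is not part of the original comment: it reads nginx access-log lines in the default "combined" format and separates peers that connected directly (not from the proxy's address ranges) into those dropped with 444 and those still served by a real vhost. `PROXY_NETS` is a placeholder documentation range to be replaced with your CDN's published ranges, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: placeholder for the CDN's published egress ranges
# (a documentation range is used here so the sample is self-contained).
PROXY_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# nginx "combined" format: peer address first, status right after the quoted request.
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2021:10:00:01 +0000] "GET /app/home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2021:10:00:02 +0000] "GET / HTTP/1.1" 444 0 "-" "-"
203.0.113.9 - - [10/Mar/2021:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 444 0 "-" "-"
203.0.113.44 - - [10/Mar/2021:10:00:04 +0000] "GET /app/home HTTP/1.1" 200 512 "-" "curl/7.68.0"
not a log line
"""


def is_direct(peer):
    """True if peer is outside every proxy range, None if it is not an IP address."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return None
    return not any(addr in net for net in PROXY_NETS)


def summarize(log_text):
    """Return (dropped, served, skipped): direct peers that got 444, direct peers
    that got any other status, and the number of unparseable lines."""
    dropped, served, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        direct = is_direct(m["peer"]) if m else None
        if direct is None:
            skipped += 1
        elif direct:
            (dropped if m["status"] == "444" else served)[m["peer"]] += 1
    return dropped, served, skipped


if __name__ == "__main__":
    dropped, served, skipped = summarize(SAMPLE_LOG)
    print("direct, dropped with 444:", dict(dropped))
    print("direct, still served:", dict(served))
    print("unparseable lines:", skipped)
```

Entries in the "still served" set are requests that reached a configured server name without going through the proxy, which the catch-all block alone does not stop.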