about workers protection
hey
I want to only allow traffic from certian hostnames for my domain that is using workers also pages.
is there any limits on how many 'OR' expression I can use or unlimited or
12 Replies
Change the operator to "Is not in" and then you can add a big list
I want to rate limit all my endpoints including sub domains also. /* not working ig. what is the wildcard to target all
Ruleset engine doesn't support wildcards like that
Actually, what are you trying to do there? Verfied Bots are the good bots who are whitelisted and identify themselves
like Google Bot and such https://radar.cloudflare.com/traffic/verified-bots
I am just trying to protect my cloudfalre worker from DOS attack
what rules should I use for that
if you just wanted to ratelimit everything, you can click Edit Expression and type "true", and it would match every request to your website/zone
sounds good. will this work. requests 200 period is 10 second. what if attacker gave more then 200 under 5 second like attacker doing DOS have 1000 clients ready and send 40k under 5 second will this only come into affect after 10 second.
and the period I can't change to something else other then 10 seems like
it's 200 requests within the last 10 seconds -> blocked for 10 seconds (block would be instant the second they breached it)
the free plan is pretty restrictive, pro and higher has some more options: https://developers.cloudflare.com/waf/rate-limiting-rules/
Cloudflare Docs
Rate limiting rules · Cloudflare Web Application Firewall (WAF) docs
Rate limiting rules allow you to define rate limits for requests matching an expression, and the action to perform when those rate limits are reached.
@Chaika love you ❤️ . it's working blocked 62k req out of 64k. seems like it's working.
btw it's only per client IP right. so other users still can use.
yep it's per IPv4 /32 (single ip) and IPv6 /64 iirc