block malicious probing requests
my web app gets requests like these:
which seem to be probing for vulnerabilities since none of the URLs exist and e.g. my site isn't a WordPress site.
Is there any way to easily block these?
I could create WAF custom rules but would that turn into whack-a-mole if I need to manually specify every invalid URL being requested?
I'm currently on the free plan so I could upgrade to pro to enable more managed rules, but it's unclear to me if that'll solve the issue.
It's not a lot of traffic so it's not hurting too much. The biggest annoyance for me is it creates errors in my observability data, making it harder to find real issues amongst these phantom issues.
4 Replies
Do you have a paid plan? The .git one is usually blocked by default with the WAF managed rules turned on.
.git would be blocked by Pro or higher's CF Managed Ruleset.
For the rest, if you're not using php or wordpress at all, you can use Custom Rules to blanket block them pretty easily, ex:
(ends_with(http.request.uri.path, ".php")) or (http.request.uri.path contains "wp-")
The sitemap xml is a legit one which is helpful to search engines so they can know all the pages to crawl/when they updated/frequency/etc.
"I'm currently on the free plan so I could upgrade to pro to enable more managed rules, but it's unclear to me if that'll solve the issue."
Yeah, not on a paid plan but have been considering it. Only reason I haven't pulled the trigger is I wasn't sure if it would help or not.
Thank you for the ideas! I'll use these and see if there are more commonalities across the requests for easy blocking.
Is the ends_with functionality also only available on paid plans? Doesn't seem to be an option for me.
I generally block these with contains "wp" on free.
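An added example, not part of any post in the thread: a dry run of the two rule ideas mentioned above (the `ends_with` ".php" / contains "wp-" expression and the broader contains "wp") against request paths, to see what each would block before deploying it. The Python functions approximate the rule expressions with case-sensitive matching (an assumption), and the sample paths, status codes and the 200/404 split are constructed for illustration.

```python
# Dry-run candidate block rules against request paths before deploying them.
# Python approximations of the expressions quoted in the thread; matching is
# treated as case-sensitive suffix/substring comparison (assumption).

def rule_php_or_wp_dash(path: str) -> bool:
    # (ends_with(http.request.uri.path, ".php")) or (http.request.uri.path contains "wp-")
    return path.endswith(".php") or "wp-" in path

def rule_contains_wp(path: str) -> bool:
    # http.request.uri.path contains "wp"
    return "wp" in path

RULES = {"php_or_wp-": rule_php_or_wp_dash, "contains_wp": rule_contains_wp}

# Constructed sample: (path, status the origin returned). Not real traffic.
SAMPLE_LOG = [
    ("/wp-login.php", 404),
    ("/wp-admin/setup-config.php", 404),
    ("/xmlrpc.php", 404),
    ("/.git/config", 404),            # left to the managed ruleset in the thread
    ("/wordpress/wp-includes/wlwmanifest.xml", 404),
    ("/sitemap.xml", 200),
    ("/", 200),
    ("/shop/lowprice-deals", 200),    # contains "wp" by accident
    ("/docs/setup", 200),
]

def dry_run(log, rules=RULES):
    """Return {rule: {"blocked", "false_positives", "missed"}} for a log.

    A request the origin served with 200 is treated as legitimate and a 404
    as a probe. That split is a heuristic for this example only.
    """
    report = {}
    for name, rule in rules.items():
        report[name] = {
            "blocked": [p for p, _ in log if rule(p)],
            "false_positives": [p for p, s in log if s == 200 and rule(p)],
            "missed": [p for p, s in log if s == 404 and not rule(p)],
        }
    return report

if __name__ == "__main__":
    for name, result in dry_run(SAMPLE_LOG).items():
        print(name, result)
```

Feeding it paths exported from your own logs instead of `SAMPLE_LOG` shows whether a short substring such as "wp" collides with real URLs on your site.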