Does cloudflare eventually block a user from their connected zone, and not just my site?
Dealing with an issue where someone is using several socketed web scrape utilities to scan my site, while they are getting blocked and are coming from the same IP, I am just wondering at what point does cloudflare step in? I am on cloudflare free, and this will very likely reach 10m requests by the end of the day, and I am not sure what implications that will have on the rest of the folks attempting access if this continues long term.
5 Replies
10 mins later.
Unless you configure the WAF to block it or the IP has poor reputation so it's blocked by default, it's unlikely any additional CF mitigations will apply for a single IP.
WAF is set to block the individual IP currently, so they are being blocked successfully. Would 1 million requests from a single IP not lower IP repuation? I also am unsure where I could view more detailed info about the ip repuation of the threat actor, so if you know where that is, thatd be great 🙂
IP reputation is something Cloudflare measures internally, you should be able to see it in the WAF event log (threat score). Creating rules won't affect the IP reputation as it's built on a global level, e.g. one user blocking google's IP should not lower their IP reputation.
If the WAF is blocking it then there isn't really much else for you to do.
Thanks! Kinda just wanted to confirm that there wasnt anything else that could be done ❤️