Idle
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
(and free)
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
which essentially does what you have implemented right now, except much more convenient and secure
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
if you are referencing the passcode lock for your site, i would highly recommend you look into zero trust
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
if your keys are generated sufficiently secure, all you have to do is enforce rate limits
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
side note: pro (and above) provide a lot more information both in waf logs, and configuration options for your WAF...
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
?ddos
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
would also recommend the cf guide on ddos mitigation
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
a nice place to start would be to just challenge (managed) requests that don't have a nearly perfect threat score.
(i do not recommend this for production)
then filter your WAF for that rule
look at the WAF logs that you get, and try to find patterns in requests that seem suspicious to you.
as you define your own rules to block requests you can decrease the threat sensitivity of your challenging rule, rinse and repeat.
(this is just my personal strategy, this is not recommended anywhere)
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
you adapt your waf rules to the traffic you receive
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
there's no cure-it-all for this
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
its already hidden by default
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
not quite sure what purpose this serves
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
the ray id is non identifying
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
but i'm curious about how they are circumventing your ratelimit rules, if they truly all come from the same origin IP
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
headers can be spoofed (...), if all of the requests spamming your API don't have a UA then just add a WAF rule to block all requests without a UA
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
or maybe i misunderstood you
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
cloudflare will log empty useragents
66 replies
CDCloudflare Developers
•Created by TrueHeads on 11/18/2024 in #general-help
Block what I think are headless requests?
66 replies