kelbs
kelbs
Explore posts from servers
CDCloudflare DevelopersKKyselyDTDrizzle Team
PostsComments
CDCloudflare Developers
Created by kelbs on 3/10/2024 in #general-help
block malicious probing requests
my web app gets requests like these: 
get myapp.com/wp-login.php
get myapp.com/sitemap.xml
get myapp.com/.git/config
get myapp.com/wp-content/themes/sketch/404.php
get myapp.com/wp-login.php
get myapp.com/sitemap.xml
get myapp.com/.git/config
get myapp.com/wp-content/themes/sketch/404.php
which seem to be probing for vulnerabilities since none of the urls exist and e.g. my site isn't a wordpress site. Is there any way to easily block these? I could create WAF custom rules but would that turn into wack-a-mole if I need to manually specify every invalid URL being requested? I'm currently on the free plan so I could upgrade to pro to enable more managed rules, but its unclear to me if that'll solve the issue. It's not a lot of traffic so its not hurting too much. The biggest annoyance for me is it creates errors in my observability data, making it harder to find real issues amongst these phantom issues.
7 replies
CDCloudflare Developers
Created by kelbs on 3/9/2024 in #workers-help
Cloudflare workers vs pages
I'm building a full stack sveltekit app (svelte code on both frontend and backend). I'm confused whether I should deploy it to cloudflare workers or cloudflare pages? On one hand, it seems like pages is intended for static sites and workers is intended for dynamic backends. On the other hand, I see conflicting information where it seems sites deployed to pages can have dynamic backend content. What things should I consider when picking workers vs pages?
8 replies