If you want a really blunt axe, go to WAF > Rate limiting rules. Then create a rule like this:It easier and more effective to block them in Cloudlfare's firewall. Go to security section >> WAF and then click the link for custom rules.
The free tier only allows one rate limiting rule. If you set the limit to 10 requests per second/10 second timeout, you effectively limit any bot (or person) to less than one page request per second. You can tweak the maximum number of requests as your server capacity allows with a minimum of 1 page every 10 seconds.(not cf.bot_management.verified_bot and http.request.uri.path contains ".php") or (cf.bot_management.verified_bot and http.request.uri.path contains ".php")
Statistics: Posted by HB — Fri Jul 05, 2024 7:41 pm