went it come up to the security of website most people out there add a layer of security using Cloudflare firewall rules if you have some cool rules and will like to share them feel free here are mine
My setup is
Admin asks for the captcha to IP that is not whitelisted so if someone tries to log in to admin will be presented with a captcha I have whitelist my domain to avoid getting lock here the code for Expression Preview
Block bad bot hitting my server very effective Expression Preview
do you guys have specific rules to add more security please let me know
My setup is
Admin asks for the captcha to IP that is not whitelisted so if someone tries to log in to admin will be presented with a captcha I have whitelist my domain to avoid getting lock here the code for Expression Preview
Code:
(http.request.uri eq "/admin url")
Block bad bot hitting my server very effective Expression Preview
Code:
(http.user_agent contains "Yandex") or (http.user_agent contains "muckrack") or (http.user_agent contains "Qwantify") or (http.user_agent contains "Sogou") or (http.user_agent contains "BUbiNG") or (http.user_agent contains "knowledge") or (http.user_agent contains "CFNetwork") or (http.user_agent contains "Scrapy") or (http.user_agent contains "SemrushBot") or (http.user_agent contains "AhrefsBot") or (http.user_agent contains "Baiduspider") or (http.user_agent contains "python-requests") or (http.user_agent contains "crawl" and not cf.client.bot) or (http.user_agent contains "Crawl" and not cf.client.bot) or (http.user_agent contains "bot" and not http.user_agent contains "bingbot" and not http.user_agent contains "Google" and not http.user_agent contains "Twitter" and not cf.client.bot) or (http.user_agent contains "Bot" and not http.user_agent contains "Google" and not cf.client.bot) or (http.user_agent contains "Spider" and not cf.client.bot) or (http.user_agent contains "spider" and not cf.client.bot)
do you guys have specific rules to add more security please let me know