about workers protection

hey
I want to only allow traffic from certian hostnames for my domain that is using workers also pages.
is there any limits on how many 'OR' expression I can use or unlimited or

Erisa•2/9/24, 2:25 AM

Change the operator to "Is not in" and then you can add a big list

AlveeOP•2/9/24, 2:39 AM

I want to rate limit all my endpoints including sub domains also. /* not working ig. what is the wildcard to target all

AAlvee I want to rate limit all my endpoints including sub domains also. /* not working...

Chaika•2/9/24, 3:04 AM

Ruleset engine doesn't support wildcards like that

Chaika•2/9/24, 3:05 AM

Actually, what are you trying to do there? Verfied Bots are the good bots who are whitelisted and identify themselves

Chaika•2/9/24, 3:06 AM

like Google Bot and such https://radar.cloudflare.com/traffic/verified-bots

CChaika Actually, what are you trying to do there? Verfied Bots are the good bots who ar...

AlveeOP•2/9/24, 3:06 AM

I am just trying to protect my cloudfalre worker from DOS attack

AlveeOP•2/9/24, 3:06 AM

what rules should I use for that

Chaika•2/9/24, 3:06 AM

if you just wanted to ratelimit everything, you can click Edit Expression and type "true", and it would match every request to your website/zone

CChaika if you just wanted to ratelimit everything, you can click Edit Expression and ty...

AlveeOP•2/9/24, 3:10 AM

sounds good. will this work. requests 200 period is 10 second. what if attacker gave more then 200 under 5 second like attacker doing DOS have 1000 clients ready and send 40k under 5 second will this only come into affect after 10 second.

AlveeOP•2/9/24, 3:10 AM

and the period I can't change to something else other then 10 seems like

AAlvee sounds good. will this work. requests 200 period is 10 second. what if attacker ...

Chaika•2/9/24, 3:11 AM

it's 200 requests within the last 10 seconds -> blocked for 10 seconds (block would be instant the second they breached it)

Chaika•2/9/24, 3:11 AM

the free plan is pretty restrictive, pro and higher has some more options: https://developers.cloudflare.com/waf/rate-limiting-rules/

Cloudflare Docs

Rate limiting rules · Cloudflare Web Application Firewall (WAF) docs

Rate limiting rules allow you to define rate limits for requests matching an expression, and the action to perform when those rate limits are reached.

CChaika it's 200 requests within the last 10 seconds -> blocked for 10 seconds (block wo...

AlveeOP•2/9/24, 3:26 AM

@Chaika love you

. it's working blocked 62k req out of 64k. seems like it's working.

AlveeOP•2/9/24, 3:27 AM

btw it's only per client IP right. so other users still can use.

AAlvee btw it's only per client IP right. so other users still can use.

Chaika•2/9/24, 3:32 AM

yep it's per IPv4 /32 (single ip) and IPv6 /64 iirc

about workers protection

Similar Threads

Similar Threads

Similar Threads