Block what I think are headless requests?
Hello! I am trying to block someone currently spamming an API post endpoint for one of my webistes, but trying to do it in a way that isnt just IP banning that one user. He is somehow making 1000s of requests to my site despite my rate limit of 25 requests per 10 seconds. I have checked the local real time logs and there is no user agent listed, so I am thinking this is some sort of headless scan. I did some googling and I cant find out how to block headless requests with WAF. I am on the Free tier as well.
Here is an example of one of the real time logs for better help, I have removed all identifying information.
Here is an example of one of the real time logs for better help, I have removed all identifying information.
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
86,942Members
Resources
Was this page helpful?
