Block what I think are headless requests?

Hello! I am trying to block someone who is currently spamming an API POST endpoint on one of my websites, but I want to do it in a way that isn't just IP-banning that one user. He is somehow making thousands of requests to my site despite my rate limit of 25 requests per 10 seconds. I have checked the real-time logs and no user agent is listed, so I suspect this is some sort of headless scan. I did some googling and I can't find out how to block headless requests with the WAF. I am on the Free tier as well.

Here is an example of one of the real-time logs to help illustrate the problem; I have removed all identifying information.
{
  "truncated": false,
  "executionModel": "stateless",
  "outcome": "ok",
  "scriptVersion": {
    "id": "a0395456-058b-456e-a9a3-0a6559b451e8"
  },
  "scriptName": "pages-worker--4177999-production",
  "diagnosticsChannelEvents": [],
  "exceptions": [],
  "logs": [
    {
      "message": [
        "[FAILURE] 2024-11-18T07:00:47.745Z - Incorrect passcode entered: '112788'"
      ],
      "level": "warn",
      "timestamp": 1731913247745
    },
    {
      "message": [
        "[TOTALS] Updating totals in KV - {\"successes\":0,\"failures\":5153,\"errors\":350}"
      ],
      "level": "log",
      "timestamp": 1731913247750
    }
  ],
  "eventTimestamp": 1731913247736,
  "event": {
    "request": {
      "method": "POST",
      "headers": {
        "accept-encoding": "gzip, br",
        "cf-connecting-o2o": "1",
        "cf-ipcountry": "AU",
        "cf-ray": "8e4615e64ff7a980",
        "cf-visitor": "{\"scheme\":\"https\"}",
        "connection": "Keep-Alive",
        "content-length": "21",
        "content-type": "application/json; charset=utf-8",
        "x-forwarded-proto": "https",
      },
      "cf": {
        "httpProtocol": "HTTP/1.1",
        "tlsCipher": "ECDHE-ECDSA-AES128-GCM-SHA256",
        "continent": "OC",
        "asn": 4764,
        "clientAcceptEncoding": "gzip, br",
        "country": "AU",
        "verifiedBotCategory": "",
        "tlsClientAuth": {
          "certIssuerDNLegacy": "",
          "certIssuerSKI": "",
          "certSubjectDNRFC2253": "",
          "certSubjectDNLegacy": "",
          "certFingerprintSHA256": "",
          "certNotBefore": "",
          "certSKI": "",
          "certSerial": "",
          "certIssuerDN": "",
          "certVerified": "NONE",
          "certNotAfter": "",
          "certSubjectDN": "",
          "certPresented": "0",
          "certRevoked": "0",
          "certIssuerSerial": "",
          "certIssuerDNRFC2253": "",
          "certFingerprintSHA1": ""
        },
        "tlsClientHelloLength": "",
        "tlsVersion": "TLSv1.2",
        "edgeRequestKeepAliveStatus": 1,
        "requestPriority": "",
        "tlsClientRandom": "",
        "botManagement": {
          "corporateProxy": false,
          "verifiedBot": false,
          "jsDetection": {
            "passed": false
          },
          "staticResource": false,
          "detectionIds": {},
          "score": 99
        }
      }
    },
    "response": {
      "status": 200
    }
  },
  "id": 84
}