api abuse
Hello,
Yesterday i redirected my domain DNS handling to cloudflare. I use a free plan and i'm totally satisfied but got a question though.
I noticed that today at 3 am UTC my app had to handle around 2k requests coming from unwanted agents. All of them were a GET requests for confidential files like
GET /.env, GET /config.json etc.
All of those requests got a 404 response but I really would like to somehow block these kind of requests.
My question is can it be done with some configuration, service at cloudflare? Thanks in advance for response1 Reply
Sure, use a custom WAF rule: https://developers.cloudflare.com/waf/custom-rules/
