How to limit the number of color choices in WooCommerce filter_color?


I have a store site. Recently, bots with different IPs have been sending malicious requests to my host with the aim of making the site unavailable, and the site returns a 500 access denied error. For example, they send a URL with 5 colors in filter_color=, and the server's processor gets busy processing these requests and reaches 100%. Example:

https://example.com/shoes/?filter_color=cream,blue,navyblue,green,white

How can I block requests that send more than 2 colors in one URL or request, in Cloudflare or in the WordPress firewall settings?

I didn't find any guidance on this. I can only block all requests that include filter_color= in Cloudflare, and this has caused real customers to be blocked as well.

Thank you for guiding me

I tried these methods and they didn't work:

htaccess:

RewriteEngine On
RewriteCond %{QUERY_STRING} (?:^|&)filter_color=(?:[^&]*&){3}
RewriteRule ^ - [F]

Cloudflare custom rule:

(http.request.uri.query.filter_color.length > 3)
http.request.uri.query.filter_color.length > 3

Block

Cloudflare custom rule:

/?filter_color=*,*,*
/?filter_color=*,*,*,*
/?filter_color=*,*,*,*,*

Block

James Amner On

Any solution that’s in PHP or WordPress will not protect you from bots overloading your server, so you’re best trying to cut this off at the hosting level with htaccess rules, or via Cloudflare.

I’m not familiar with Cloudflare rules, but something like this should work for Apache.

RewriteEngine On
# Return 403 when filter_color holds three or more comma-separated values (more than 2 colors)
RewriteCond %{QUERY_STRING} (^|&)filter_color=[^&,]*(,[^&,]*){2,}
RewriteRule ^ - [F,L]

You can use a regex testing site like regex101 to tweak the regex rule to make sure it matches exactly what you want.
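Added example, not part of the original question or answer: an offline harness that checks candidate rule patterns against constructed query strings before they go into .htaccess. `QUESTION_RE` is the pattern from the question's attempt; `LIMIT_RE`, the sample queries and all function names are assumptions made for this illustration.

```python
import re
from urllib.parse import parse_qs

MAX_COLORS = 2  # limit asked for in the question

# Pattern from the question's .htaccess attempt: it counts "&" separators
# after filter_color=, not the commas inside the value.
QUESTION_RE = re.compile(r"(?:^|&)filter_color=(?:[^&]*&){3}")

# Assumed pattern (not from the page): two or more separators inside the
# filter_color value, i.e. three or more colors. "%2C" is counted too,
# because Apache matches %{QUERY_STRING} before percent-decoding while
# PHP splits the decoded value.
LIMIT_RE = re.compile(
    r"(?:^|&)filter_color=[^&]*?(?:,|%2C)[^&]*?(?:,|%2C)", re.IGNORECASE
)


def color_count(query: str) -> int:
    """Number of comma-separated filter_color values after URL decoding."""
    value = parse_qs(query).get("filter_color", [""])[-1]
    return len(value.split(",")) if value else 0


def should_block(query: str) -> bool:
    """True when the raw query string trips the limit rule."""
    return LIMIT_RE.search(query) is not None


# Constructed sample query strings (the part after "?").
SAMPLES = [
    "filter_color=cream",
    "filter_color=cream,blue",
    "filter_color=cream,blue,navyblue,green,white",
    "orderby=price&filter_color=cream%2Cblue%2Cgreen",
    "filter_color=cream,blue&orderby=price&paged=2&min_price=10",
]


def audit(samples):
    """Rows of (query, decoded count, question rule hit, limit rule hit)."""
    return [(q, color_count(q), bool(QUESTION_RE.search(q)), should_block(q))
            for q in samples]


if __name__ == "__main__":
    for q, n, old, new in audit(SAMPLES):
        print(f"{n} colors  question_rule={old!s:5}  limit_rule={new!s:5}  {q}")
```

In .htaccess the `re.IGNORECASE` flag corresponds to adding `[NC]` to the RewriteCond.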