Cloudflare WAF rules to block suspicious traffic from China

cf-waf-block-asn.rules:

  • Blocks ASN of most cloud providers in China: Tencent, Alibaba, Huawei, Baidu, Bytedance, Qihu 360, JD/Jingdong, Xiaomi, Netease
  • Use with caution! This rule set could block some Fediverse instances or services, such as ovo.st, if they use one of these Chinese cloud providers! This could also block visitors who are using VPNs that use these ISPs as exit nodes. To avoid this, create a list of IP rules that skip the custom rules.
  • This security measure is not comprehensive, as these entities may continue to exploit your services by utilizing other providers, such as AWS.

cf-waf-block-useragent.rules:

  • Blocks user-agents of common spiders and browsers operated by Chinese tech companies.
  • Use with caution! This rule set matches crawlers and browsers from Chinese tech companies. Implementing it could block some users who use a China-based browser, such as QQ Browser and 360 Browser, or a China-based mobile device.
  • This security measure is not exhaustive due to the ease with which user agents can be modified.

Usage:

  1. In Cloudflare: Security > WAF > Custom Rules > Create rule > Edit expression
  2. Paste the rule set under "If incoming requests match" using the expression editor
  3. Select Interactive Challenge (recommended; it checks that the visitor accessing the site is human, not automated) or Block (matching requests are denied access to the site)

[cf-waf-block-asn.rules]

(ip.geoip.asnum eq 132203) or (ip.geoip.asnum eq 45090) or (ip.geoip.asnum eq 137876) or (ip.geoip.asnum eq 132591) or (ip.geoip.asnum eq 24429) or (ip.geoip.asnum eq 45102) or (ip.geoip.asnum eq 37963) or (ip.geoip.asnum eq 211914) or (ip.geoip.asnum eq 134963) or (ip.geoip.asnum eq 34947) or (ip.geoip.asnum eq 55967) or (ip.geoip.asnum eq 38365) or (ip.geoip.asnum eq 38627) or (ip.geoip.asnum eq 396986) or (ip.geoip.asnum eq 136907) or (ip.geoip.asnum eq 55990) or (ip.geoip.asnum eq 141180) or (ip.geoip.asnum eq 63727) or (ip.geoip.asnum eq 200756) or (ip.geoip.asnum eq 131444) or (ip.geoip.asnum eq 140723) or (ip.geoip.asnum eq 61348) or (ip.geoip.asnum eq 265443) or (ip.geoip.asnum eq 206798) or (ip.geoip.asnum eq 206204) or (ip.geoip.asnum eq 63655) or (ip.geoip.asnum eq 137753) or (ip.geoip.asnum eq 131486) or (ip.geoip.asnum eq 137787) or (ip.geoip.asnum eq 55992) or (ip.geoip.asnum eq 63855) or (ip.geoip.asnum eq 137263) or (ip.geoip.asnum eq 131659) or (ip.geoip.asnum eq 45062)

[cf-waf-block-useragent.rules]

(lower(http.user_agent) contains "2345") or (lower(http.user_agent) contains "360") or (lower(http.user_agent) contains "ali-") or (lower(http.user_agent) contains "alipay") or (lower(http.user_agent) contains "baidu") or (lower(http.user_agent) contains "bingbot") or (lower(http.user_agent) contains "bytespider") or (lower(http.user_agent) contains "coolnovo") or (lower(http.user_agent) contains "easou") or (lower(http.user_agent) contains "facebook") or (lower(http.user_agent) contains "iaskspider") or (lower(http.user_agent) contains "iqiyi") or (lower(http.user_agent) contains "jike") or (lower(http.user_agent) contains "lbbrowser") or (lower(http.user_agent) contains "liebao") or (lower(http.user_agent) contains "maxthon") or (lower(http.user_agent) contains "metasr") or (lower(http.user_agent) contains "micromessenger") or (lower(http.user_agent) contains "miuibrowser") or (lower(http.user_agent) contains "qihoo") or (lower(http.user_agent) contains "qiyu") or (lower(http.user_agent) contains "qqdownload") or (lower(http.user_agent) contains "tencent") or (lower(http.user_agent) contains "saayaa") or (lower(http.user_agent) contains "se 1.x") or (lower(http.user_agent) contains "se 2.x") or (lower(http.user_agent) contains "sina") or (lower(http.user_agent) contains "sogou") or (lower(http.user_agent) contains "soso") or (lower(http.user_agent) contains "taobao") or (lower(http.user_agent) contains "taobrowser") or (lower(http.user_agent) contains "tencent") or (lower(http.user_agent) contains "teoma") or (lower(http.user_agent) contains "the world") or (lower(http.user_agent) contains "ucweb") or (lower(http.user_agent) contains "wechat") or (lower(http.user_agent) contains "weibo") or (lower(http.user_agent) contains "yisou") or (lower(http.user_agent) contains "yodao") or (lower(http.user_agent) contains "youdao")
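
Because every clause in cf-waf-block-useragent.rules is a plain substring test, it is worth checking which tokens fire on traffic you want to keep before deploying it. The following is an added example, not part of the original rule files: it parses the `contains` tokens out of an expression, reports duplicated clauses, and shows which tokens match each User-Agent. `RULE` is a shortened subset of the rule above, and the User-Agent strings, function names and sample labels are constructed for illustration.

```python
import re
from collections import Counter

# Shortened subset of cf-waf-block-useragent.rules from this page (assumption: paste the full rule here).
RULE = (
    '(lower(http.user_agent) contains "360") or '
    '(lower(http.user_agent) contains "bingbot") or '
    '(lower(http.user_agent) contains "facebook") or '
    '(lower(http.user_agent) contains "micromessenger") or '
    '(lower(http.user_agent) contains "tencent") or '
    '(lower(http.user_agent) contains "tencent")'
)

# Constructed sample User-Agent strings (not taken from real traffic).
SAMPLES = {
    "desktop-chrome": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
    "build-with-360": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.360 Safari/537.36",
    "link-preview": "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)",
    "bing-crawler": "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
    "wechat": "Mozilla/5.0 (Linux; Android 13) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 MicroMessenger/8.0.40",
}

TOKEN_RE = re.compile(r'lower\(http\.user_agent\)\s+contains\s+"([^"]*)"')

def parse_tokens(expr):
    """Return the substring tested by each `contains` clause, in rule order."""
    return TOKEN_RE.findall(expr)

def duplicate_tokens(tokens):
    """Tokens that appear in more than one clause (redundant, safe to drop)."""
    return sorted(t for t, n in Counter(tokens).items() if n > 1)

def matching_tokens(tokens, user_agent):
    """Tokens that would make the rule fire for this User-Agent."""
    ua = user_agent.lower()  # mirrors lower(http.user_agent) in the rule
    return sorted({t for t in tokens if t in ua})

def audit(expr, samples):
    """Map each sample name to the list of tokens it matches (empty list = passes)."""
    tokens = parse_tokens(expr)
    return {name: matching_tokens(tokens, ua) for name, ua in samples.items()}

if __name__ == "__main__":
    print("duplicate clauses:", duplicate_tokens(parse_tokens(RULE)))
    for name, hits in audit(RULE, SAMPLES).items():
        print(f"{name:15}", "MATCH " + ", ".join(hits) if hits else "pass")
```

Replace `SAMPLES` with User-Agent values exported from your own request logs to see which legitimate visitors the rule would challenge or block.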