Disallow traffic from top hacking countries
(ip.geoip.country eq "CN") or
(ip.geoip.country eq "RU") or
(ip.geoip.country eq "UA") or
(ip.geoip.country eq "TR") or
(ip.geoip.country eq "TW") or
(ip.geoip.country eq "BR") or
(ip.geoip.country eq "RO")
: block
Disable xmlrpc
(http.request.uri eq "/xmlrpc.php")
: block
Discard all bot traffic to test subdomain
(lower(http.user_agent) contains "bot" and lower(http.host) eq "staging.example.com") or
(lower(http.user_agent) contains "crawl" and lower(http.host) eq "staging.example.com") or
(lower(http.user_agent) contains "fetch" and lower(http.host) eq "staging.example.com") or
(lower(http.user_agent) contains "parse" and lower(http.host) eq "staging.example.com") or
(lower(http.user_agent) contains "spider" and lower(http.host) eq "staging.example.com")
: block
Accept desirable bot traffic
lower(http.user_agent) contains "google" or
lower(http.user_agent) contains "bing" or
lower(http.user_agent) contains "yandex" or
lower(http.user_agent) contains "duckduckgo" or
lower(http.user_agent) contains "facebook" or
lower(http.user_agent) contains "twitter" or
lower(http.user_agent) contains "better uptime" or
lower(http.user_agent) contains "uptimerobot"
: allow
Reject all other bot traffic
lower(http.user_agent) contains "bot" or
lower(http.user_agent) contains "crawl" or
lower(http.user_agent) contains "fetch" or
lower(http.user_agent) contains "parse" or
lower(http.user_agent) contains "spider"
: block