@elderlabs
Last active May 12, 2026 18:15
Cloudflare WAF Rule to rule them all
# The ever-evolving Cloudflare WAF rule, so long as I remember to keep it up to date.
# https://gist.github.com/elderlabs/2b0b39df36ecc7d9b08699255c0adc18
# Ideally, this rule will block all automated/malicious traffic.
# This works best in an environment that lacks WordPress, which is a cancer upon the internet.
# WordPress has its place, but it's not here. This may need editing to work for you, specifically where we limit HTTP methods.
# This works by blocking: a known list of bad/commercial IP spaces/ASNs (the list includes the big clouds, e.g. AS15169 Google,
# AS16509/AS14618 Amazon, AS8075 Microsoft and AS13335 Cloudflare itself, so corporate VPNs, WARP clients and monitors that egress
# from those networks are blocked too); China and all IP space not allocated to a country; anything Cloudflare flags via
# `cf.client.bot` (this is Cloudflare's "known good bot" signal, so search-engine crawlers are blocked along with everything else);
# any client whose user-agent lacks "Mozilla/5.0" (this catches curl, wget, feed readers and uptime monitors, and is trivially
# spoofed by anything that cares to); any HTTP request method other than "GET" (so form submissions, logins, CORS preflights and
# HEAD-based health checks break unless you carve out a skip rule); any request whose URI contains both `/wp-` and `.php`, or
# both `/wp-` and `.xml`; and any URI containing `/.`. Note that `contains` is a case-sensitive substring match anywhere in
# `http.request.uri`, which includes the query string: `/docs/wp-handbook.xml` and `/search?q=/.ssh` are blocked, `/WP-LOGIN.PHP`
# is not (wrap the field in `lower()` if you want case-insensitive matching), and everything under `/.well-known/`, including
# ACME HTTP-01 challenges, is blocked, so issue certificates via DNS-01 or Cloudflare origin certificates, or skip that path.
# While your webserver should be able to cover that last part, it's ideal that this traffic never reach your origin.
# For extra spice, set your origin to close connections upon all 403/404s; Cloudflare will then serve its own 5xx error page in
# place of the origin's response (an empty origin response shows up as Cloudflare error 520). In nginx, the non-standard response
# code that closes the connection without sending anything is `444`. Enjoy.
# The `ip.geoip.*` fields below still work but are deprecated; Cloudflare's current names are `ip.src.asnum` and `ip.src.country`.
# Obviously, we take no liability for damages if this breaks access to your web resources. A good rule of thumb is to create a "skip"
# rule above this one to whitelist access for very specific origins, such as your own. This works for me, but may not work for thee.
# Feel free to edit this to fit your needs and use this anywhere for any reason. Should you share this with others, we ask that you
# link back to this, or to someone's copy that's kept up-to-date should I fail to do so, or a copy that better fits your resources.
# -------------------------------------------------------------------------------------------------------------------------------------
(ip.geoip.asnum in {174 714 997 1239 2639 3329 4808 6206 6364 6461 6698 6939 7029 7162 7224 7506 7941 8075 8100 8342 8560 8595 8796 8987 9009 9123 9294 9312 9341 9541 10439 11320 11798 11831 12222 12555 12714 12816 12876 13213 13238 13335 13737 14061 14315 14618 14956 15169 16265 16276 16417 16509 16625 18229 18345 18747 19318 19437 19871 19994 20278 20454 20473 20845 20857 21069 21409 21499 21859 22295 22363 22612 23033 23470 23576 23650 24445 24940 24961 25369 26347 26496 27176 27823 29066 29182 29289 29550 29802 30277 30633 30823 30860 31476 31898 32097 32164 32475 32934 33387 33494 33905 34164 34343 34412 34665 35444 35916 35994 36007 36183 36195 36321 36352 37611 37963 38283 38511 39122 39134 39351 39364 39931 40021 40065 40092 40355 40676 41436 41544 41608 42624 42655 42708 42730 42831 43754 44066 44559 44709 45090 45102 45753 45769 46475 46549 46606 47583 47585 47692 47890 48090 48096 48314 48693 49217 49434 49453 49505 49581 49981 50053 50219 50580 50810 50926 51167 51396 51430 51559 51852 52048 52393 52485 53514 53667 53755 54548 54825 55081 55286 55293 56534 56694 57230 57523 58087 58461 58477 58909 59441 60068 60404 60647 60781 61173 61432 62082 62240 62563 62907 63023 63759 63760 63949 64286 64425 131090 131921 132203 132335 132783 132839 132883 132892 132974 133199 133210 133380 133643 133918 135097 135161 135377 135450 135822 135905 135917 135918 135967 136170 136557 136787 136907 137409 137687 138131 138995 139070 139659 140389 140810 140817 140947 141004 141201 141892 141995 142032 142036 142299 142367 142430 142594 146943 147181 147237 149107 149118 149440 150303 150436 150862 150887 151592 152194 152565 197540 197695 197715 197902 197922 198605 198610 198651 198953 199524 199785 200000 200019 200107 200373 200918 201415 201814 202306 202412 202425 202448 203020 203248 203446 203476 203576 204094 204548 204601 204769 204800 205016 205759 206092 206176 206216 206791 206804 207713 208137 208161 209366 209373 209605 209854 210403 210546 210558 210644 211138 211298 211381 211590 211680 211871 212238 212860 213122 213230 213250 213407 213438 213737 213877 214940 215026 215117 215208 215240 215476 215540 215590 215766 215930 216167 216188 262287 262672 263065 263511 394695 394711 394814 396073 396356 396982 397269 397423 398101 398324 398722 399244 399486 399629 399804 399979 400275 400529 400810 401109 401115 401116 401120 401152 401626})
or (ip.geoip.country in {"CN" "XX"})
or (cf.client.bot)
or (not http.user_agent contains "Mozilla/5.0")
or (http.request.method in {"POST" "PURGE" "PUT" "HEAD" "OPTIONS" "DELETE" "PATCH"})
or (http.request.uri contains "/wp-" and http.request.uri contains ".php")
or (http.request.uri contains "/wp-" and http.request.uri contains ".xml")
or (http.request.uri contains "/.")
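To see what the expression actually matches before deploying it, here is an added example (not part of the gist, and not Cloudflare code) that re-implements the rule's boolean logic in Python and runs it over constructed sample requests. The ASN set is a short excerpt of the list above; `cf.client.bot` has no local equivalent, so each sample carries it as a flag; the default residential ASN 7922 and every sample request are assumptions made up for the demonstration. Each clause of the expression maps to one named check, so the output says not only whether a request is blocked but which clause did it.

```python
"""Offline model of the gist's Cloudflare WAF expression (added example)."""

# Short excerpt of the ASN list in the rule; the real rule has several hundred entries.
BLOCKED_ASNS = {174, 8075, 13335, 14618, 15169, 16509, 20473, 24940}
BLOCKED_COUNTRIES = {"CN", "XX"}
BLOCKED_METHODS = {"POST", "PURGE", "PUT", "HEAD", "OPTIONS", "DELETE", "PATCH"}


def fired_clauses(req):
    """Return the names of the rule's `or` clauses that match `req`.

    Cloudflare's `contains` is a case-sensitive substring test and
    `http.request.uri` is the path plus the query string, so a plain
    `in` on the full URI string reproduces the expression's behaviour.
    """
    uri = req["uri"]
    checks = [
        ("asn", req["asn"] in BLOCKED_ASNS),
        ("country", req["country"] in BLOCKED_COUNTRIES),
        ("verified-bot", req["verified_bot"]),          # cf.client.bot
        ("non-mozilla-ua", "Mozilla/5.0" not in req["user_agent"]),
        ("method", req["method"] in BLOCKED_METHODS),
        ("wp-php", "/wp-" in uri and ".php" in uri),
        ("wp-xml", "/wp-" in uri and ".xml" in uri),
        ("dotfile", "/." in uri),
    ]
    return [name for name, hit in checks if hit]


def is_blocked(req):
    """True when any clause fires, i.e. when Cloudflare would apply the block action."""
    return bool(fired_clauses(req))


def _req(name, uri="/", method="GET", asn=7922, country="US",
         user_agent="Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0",
         verified_bot=False):
    # Defaults describe an ordinary browser on a residential ISP ASN
    # (7922 is assumed here and is not in the rule's list).
    return {"name": name, "uri": uri, "method": method, "asn": asn,
            "country": country, "user_agent": user_agent,
            "verified_bot": verified_bot}


# Constructed sample requests, not captured traffic.
SAMPLES = [
    _req("browser GET"),
    _req("curl", user_agent="curl/8.5.0"),
    _req("login form POST", uri="/login", method="POST"),
    _req("CORS preflight", uri="/api/data", method="OPTIONS"),
    _req("Googlebot", asn=15169, verified_bot=True,
         user_agent="Mozilla/5.0 (compatible; Googlebot/2.1)"),
    _req("wp-login probe", uri="/wp-login.php"),
    _req("wp-login probe, upper case", uri="/WP-LOGIN.PHP"),
    _req("non-WordPress file with wp- in name", uri="/docs/wp-handbook.xml"),
    _req("ACME HTTP-01 challenge", uri="/.well-known/acme-challenge/token"),
    _req("dot only in query string", uri="/search?q=/.ssh"),
    _req("visitor from CN", country="CN"),
]


def evaluate(samples=SAMPLES):
    """Map each sample's name to the clauses that block it ([] means allowed)."""
    return {s["name"]: fired_clauses(s) for s in samples}


if __name__ == "__main__":
    for name, reasons in evaluate().items():
        verdict = "BLOCK" if reasons else "allow"
        print(f"{verdict:5}  {name:40} {reasons}")
```

The upper-case probe slipping through and the ACME challenge being blocked are the two results worth dwelling on: the first is the case-sensitivity of `contains`, the second is what a `/.` prefix match costs you if you rely on HTTP-01 validation.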