I’m running a website that is getting a lot of bot traffic and found Cloudflare free rule tier to be a bit limiting. (5 custom rules with length limits)
Ive got subnets for major VPS providers to block and will run analysis against my traffic to build on these lists.
What do others do?
I’m contemplating my Cloudflared tunnel into Crowdsec to my app.
Edit: Adding in image of my analysis of the IPs scanning for vulnerabilities.
Give openappsec a try. It’s not entirely Open Source, howerver you don’t need to share anything with the company behind it (Check Point), and the solution “Just works” most of the time (fail2ban support included) without the hassle of adjusting a multitude of rules thanks to the use of AI. Just install and forget about it. I only had to create one custom rule, so the WAF would allow the upload of big files into my Nextcloud server. Keep in mind I only expose a couple of my own services to the Internet, that only me and couple of friends of mine will use, so I doubt I can be very representative here.