I’m running a website that is getting a lot of bot traffic and found Cloudflare free rule tier to be a bit limiting. (5 custom rules with length limits)
Ive got subnets for major VPS providers to block and will run analysis against my traffic to build on these lists.
What do others do?
I’m contemplating my Cloudflared tunnel into Crowdsec to my app.
Edit: Adding in image of my analysis of the IPs scanning for vulnerabilities.
fail2ban isn’t a WAF?
fail2ban can be configured in just about any way you want. There’s no reason to say that fail2ban “isn’t” a WAF simply because it wasn’t designed that way. It’s kinda moot when it can be configured that way.