2456 views

Using CloudFlare Free WAF to Prevent Malicious Bot Account Registrations

Source Page: Converted from Blog
Summary

To prevent large numbers of invalid email registrations, the author configured CloudFlare's WAF on ChemSitesHub.com and added a custom rule requiring users to pass an interactive challenge when visiting specific URLs. This effectively blocks automated bot registrations and protects the website.

ChemSitesHub.com provides three registration methods: email registration, Google account authentication, and Microsoft account authentication. Email registration sends a verification email, which users must click to confirm before logging in. The other two methods allow direct login. Interactive verification added to registration and resend email Emails are sent using Resend's free service with a daily limit of 100 emails. Today, Resend reported exceeding the quota by 200% due to over 100 accounts being registered in a short period, surpassing the daily limit. Daily quota exceeded

After considering advice from AI, the author realized CloudFlare offers WAF. So, they accessed the dashboard - selected the domain - Security - WAF - Custom Rules, and created a new rule. WAF rule configuration

In the rule settings, enter a name, configure the rule according to needs, choose 'Challenge', deploy, and done. WAF rule

After clearing cookies or using a new browser to visit the configured URL, users are prompted to verify they are human. Once verified, subsequent visits no longer require authentication.