| Name | Tag | Field | Operator | Value | Action | Expression Preview |
|---|---|---|---|---|---|---|
security | URI Path | equals | /xmlrpc.php | block | (http.request.uri.path contains "/xmlrpc.php") | |
securitycountry | URI | contains | wp-login.php | and | ||
Country | is not in | Canada | captcha | (http.request.uri contains "wp-login.php" and not ip.geoip.country in {"CA"}) | ||
User Agent | contains | ahrefs | or | |||
User Agent | contains | opensite | or | |||
User Agent | contains | dotbot | block | (http.user_agent contains "semrush") or (http.user_agent contains "ahrefs") or (http.user_agent contains "opensite") or (http.user_agent contains "dotbot") | ||
security | URI Path | contains | /xmlrpc.php | or | ((http.request.uri.path contains "/xmlrpc.php") or (http.request.uri.path contains "/wp-login.php") or (http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains " /wp-admin/theme-editor.php")) | |
UR Path | contains | /wp-login.php | or | |||
UR Path | contains | /wp-admin/ | and | |||
UR Path | contains | /wp-admin/admin-ajax.php | and | |||
UR Path | contains | /wp-admin/theme-editor.php | Captcha | |||
securitycountry | Country | equals | Russian Federation | or | ||
Country | equals | Hong Kong | block | (ip.geoip.country eq "RU") or (ip.geoip.country eq "HK") | ||
securitycountry | Country | does not equal | United States | or | ||
Country | does not equal | Canada | block | (ip.geoip.country ne "US") or (ip.geoip.country ne "CA") | ||
security | Threat Score | greater than | 10 | captcha | (cf.threat_score ge 10) | |
security | Threat Score | greater than | 20 | block | (cf.threat_score ge 20) | |
bots | User Agent | contains | semrush | or |