Common Rules

NameTagFieldOperatorValueActionExpression Preview
security
URI Path
equals
/xmlrpc.php
block
(http.request.uri.path contains "/xmlrpc.php")
securitycountry
URI
contains
wp-login.php
and
Country
is not in
Canada
captcha
(http.request.uri contains "wp-login.php" and not ip.geoip.country in {"CA"})
User Agent
contains
ahrefs
or
User Agent
contains
opensite
or
User Agent
contains
dotbot
block
(http.user_agent contains "semrush") or (http.user_agent contains "ahrefs") or (http.user_agent contains "opensite") or (http.user_agent contains "dotbot")
security
URI Path
contains
/xmlrpc.php
or
((http.request.uri.path contains "/xmlrpc.php") or (http.request.uri.path contains "/wp-login.php") or (http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains " /wp-admin/theme-editor.php"))
UR Path
contains
/wp-login.php
or
UR Path
contains
/wp-admin/
and
UR Path
contains
/wp-admin/admin-ajax.php
and
UR Path
contains
/wp-admin/theme-editor.php
Captcha
securitycountry
Country
equals
Russian Federation
or
Country
equals
Hong Kong
block
(ip.geoip.country eq "RU") or (ip.geoip.country eq "HK")
securitycountry
Country
does not equal
United States
or
Country
does not equal
Canada
block
(ip.geoip.country ne "US") or (ip.geoip.country ne "CA")
security
Threat Score
greater than
10
captcha
(cf.threat_score ge 10)
security
Threat Score
greater than
20
block
(cf.threat_score ge 20)
bots
User Agent
contains
semrush
or