Blocking really annoying garbage hits from bots with cloudflare

I had looked in Drupal for ways to block or redirect these bots to a honeypot— like if your Drupal site is being hit with /wp-admin.php paths it seems we should be able to block that ASAP right?

Anyway never got any answers there, could do it in .htaccess or elsewhere in Apache sure, but finally went ahead and did it in Cloudflare:

WAF firewall rule

When incoming requests match… Field: URI Path Operator: matches regex Value (e.g. ^/articles/200[7-8]/): ^/hg/


(the same again, with a different value): ^/gn/index.php

And boom like most of the spam hits that were most of our 404s stopped.

The expression that gets created looks like this:

(http.request.uri.path matches "^/hg/") or (http.request.uri.path matches "^/gn/index.php")

Really, it is simply standard regular expressions but you do not have to add .* an arbitrary number of further potential characters in the path is presumed.

Relevant documentation in order of most to least useful: