Blocking bots from news.grets.store

if your method hasn't blocked the site effectively, it might be due to the dynamic nature of IP addresses used by such domains, making them difficult to block through IP-based rules alone. A better approach could include:

• Use DNS filtering to block requests to or from the domain. This approach can be more effective as it doesn't rely on IP addresses, which can change frequently.
• Configure your WAF rules to block requests based on HTTP header values that uniquely identify traffic from the unwanted source. For example, the Host header might contain news.grets.store or a User-Agent header might identify bot traffic.

Hello, before proceeding, I want to highlight that it is always a good idea, if you are testing in production, to initially put the rules in count mode, and analyze for 1-2 weeks minimum to see if they are working as you expect.

That being said, when it comes to bots, even more when this is about non-legit ones(as it seems to be the case here) you need to consider that both user agent and IP can most likely vary, as well as other headers. With this in mind, you need to adapt and a good idea would be to place a rate limit rule, combining with captcha. This way you don't need to block an IP that could eventually be changed and end up being a valid one. I also recommend you to read this blog post, which covers best practices on how to use and prioritize rate-based rules.

Finally, you might also want to consider Bot Control. Keep in mind it has extra costs(depending on whether you use Common or Targetted, you will be charged by the number of captchas analyzed(see here for pricing details), so you might want to place Bot rules below more specific ones to reduce the traffic that.