Platform under continuous improvement  —  Our platform is currently undergoing continuous improvements and expansion. While some sections are still being finalized, our infrastructure and services remain fully operational. We appreciate your patience as we continue building a faster, stronger, and more comprehensive platform for our clients.   ●   Platform under continuous improvement  —  Our platform is currently undergoing continuous improvements and expansion. While some sections are still being finalized, our infrastructure and services remain fully operational. We appreciate your patience as we continue building a faster, stronger, and more comprehensive platform for our clients.
Clustrix Global
Client Login Get Started
Back to blog Security

Cloudflare WAF rule that blocked a 1.2M-req/s scrape attempt

Clustrix Admin · May 7, 2026 · 5 min read

Last quarter we mitigated a content-scrape attack against a media client. The pattern was distinctive: rotating IPs, no JS execution, unusual UA fingerprints.

The rule

We matched on the combination of: low cf_threat_score, missing accept-language, missing referer, and request method GET on /api paths. Action: block.

Within 90 seconds traffic stabilized at baseline.

Like this kind of detail?

That's the level of attention we put into every client's infrastructure.

Talk to an Engineer