CloudFlare Firewall: Blocking access from rogue browsers from CN.

This article explains why and how to use the CloudFlare WAF to block access from rogue browsers from CN (including but not limited to the 2/3/M/V/H browsers and the Q/W/A built-in browsers).

For xLog users, if you use a custom domain and DNS is hosted on CloudFlare, you can follow the steps in this article.

Why block rogue browsers from CN?

CN's rogue browsers commonly exhibit the following rogue behaviors. Have you encountered them?

  • Various pop-up ads with hidden close buttons; the ads may be impossible to close completely and can change position arbitrarily.
  • Tampering with web pages by embedding ads (search term recommendations, news, etc.). They may even remove other web page ads and replace them with their own ads.
  • Background processes that reside permanently (for pushing ads and secretly collecting private data, etc.) and cannot be completely exited.
  • Secretly uploading and abusing user data, sharing it with partners (shopping platforms, etc.), and engaging in big-data price discrimination (algorithmically analyzing and profiling collected user information to maliciously raise prices, especially for price-insensitive customers and regular customers), or even selling private data.
  • Becoming increasingly bloated with built-in disgusting features (such as "Alipay control" and similar things) that cannot be removed.
  • "Blocking web pages according to mainland China's policies" even if you are not within mainland China. Exercising extraterritorial jurisdiction.
  • Maliciously blocking websites they consider "harmful" (such as the 996.icu project, which upholds labor law in mainland China and is blocked under the pretext of violating laws and regulations).
  • Unable to change the built-in search engine or can only use a limited number of search engines.
  • Checking whether it is the "default browser" at startup and aggressively implying to users in the name of "security" that they should set their browser and navigation as the default.
  • Bundling the installation of other rogue software (game boxes, antivirus, music, videos, news, navigation bundles, etc.) to increase ad sales and software installation volume. Moreover, this browser itself may have been bundled with viruses and installed on the system (difficult to uninstall).
  • Using rogue-level certificates. Historically, browsers have privately built their own root certificate trust lists, which may seriously compromise the security of your private data (see the explanation of what root certificates are; it cannot be accessed in mainland China). There have been cases where the 12306 website was not trusted and payment could not be made.
  • Many selfish browsers without core technology use other browser kernels, but the kernel updates are slow and pose security risks.
  • They often "take the liberty" of making choices for users without prompting them, under the guise of defaults.

As webmasters, we can refuse!

Operation steps:

  1. Log in to the CloudFlare console and select your website.

  2. Click on "security" in the left menu bar.

  3. Click on WAF.

  4. Click on the "create rule" button on the right side.

  5. Give this rule a name in the "rule name" field.

  6. Scroll down to the "expression preview" section and click on "edit expression".

  7. Paste the following content into the editing box:

    (http.user_agent contains "MiuiBrowser") or (http.user_agent contains "OppoBrowser") or
    (http.user_agent contains "AliApp") or (http.user_agent contains "Weibo") or
    (http.user_agent contains "com.douban.frodo") or (http.user_agent contains "SNEBUY-APP") or
    (http.user_agent contains "IqiyiApp") or (http.user_agent contains "DingTalk") or
    (http.user_agent contains "HuaweiBrowser") or (http.user_agent contains "HUAWEI") or
    (http.user_agent contains "huawei") or (http.user_agent contains "VivoBrowser") or
    (http.user_agent contains "Quark") or (http.user_agent contains "115Browser") or
    (http.user_agent contains "TheWorld") or (http.user_agent contains "UCBrowser") or
    (http.user_agent contains "UBrowser") or (http.user_agent contains "UCWEB") or
    (http.user_agent contains "UC") or (http.user_agent contains "BIDUBrowser") or
    (http.user_agent contains "baidubrowser") or (http.user_agent contains "Baidu") or
    (http.user_agent contains "baiduboxapp") or (http.user_agent contains "BaiduHD") or
    (http.user_agent contains "baidu") or (http.user_agent contains "MicroMessenger") or
    (http.user_agent contains "wxwork") or (http.user_agent contains "QQBrowser") or
    (http.user_agent contains "QQ") or (http.user_agent contains "QihooBrowser") or
    (http.user_agent contains "QHBrowser") or (http.user_agent contains "360EE") or
    (http.user_agent contains "360SE") or (http.user_agent contains "MetaSr") or
    (http.user_agent contains "Sogou") or (http.user_agent contains "LBBROWSER") or
    (http.user_agent contains "LieBaoFast") or (http.user_agent contains "2345chrome") or
    (http.user_agent contains "2345Explorer") or (http.user_agent contains "Mb2345Browser")
  8. Click on "use expression builder".

  9. The rule will be automatically filled in.

  10. Click on "choose action".

  11. Select "Block".

  12. Click on the "save" button.

  13. Confirm that the switch for this rule is turned on. Use a rogue browser to open your website and test if the Block is successful.
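An offline check of what a rule like this matches, added here as an example and not part of the original post: it parses an expression in the rule's syntax, reports repeated clauses and clauses already covered by a shorter substring, and lists which clauses fire for a given User-Agent. `EXPR` reuses a few of the rule's clauses with one repeated on purpose, the User-Agent strings are constructed, and the function names are this example's own; `contains` is modelled as a case-sensitive substring match.

```python
import re

# Constructed input: a few clauses in the article's rule syntax, one repeated on purpose.
EXPR = (
    '(http.user_agent contains "HuaweiBrowser") or (http.user_agent contains "HUAWEI") or '
    '(http.user_agent contains "UCBrowser") or (http.user_agent contains "UCWEB") or '
    '(http.user_agent contains "UC") or (http.user_agent contains "QQBrowser") or '
    '(http.user_agent contains "QQ") or (http.user_agent contains "2345Explorer") or '
    '(http.user_agent contains "Mb2345Browser") or (http.user_agent contains "2345Explorer")'
)

# Constructed User-Agent strings (not captured traffic).
SAMPLES = {
    "uc_browser": "Mozilla/5.0 (Linux; U; Android 11; en-US; SM-A515F) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Version/4.0 Chrome/100.0.4896.58 "
                  "UCBrowser/13.4.0.1306 Mobile Safari/537.36",
    "chrome_on_huawei_phone": "Mozilla/5.0 (Linux; Android 10; HUAWEI VOG-L29) "
                              "AppleWebKit/537.36 (KHTML, like Gecko) "
                              "Chrome/120.0.0.0 Mobile Safari/537.36",
    "unrelated_client": "ACME-PRODUCT-Checker/2.1 (+https://example.com/bot)",
    "desktop_firefox": "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0",
}

CLAUSE = re.compile(r'http\.user_agent\s+contains\s+"([^"]+)"')

def tokens(expr):
    """Substrings tested by the expression, in order, duplicates kept."""
    return CLAUSE.findall(expr)

def audit(expr):
    """Return (repeated tokens, {token: shorter tokens that already match it})."""
    toks = tokens(expr)
    uniq = list(dict.fromkeys(toks))
    dups = sorted({t for t in toks if toks.count(t) > 1})
    covered = {t: [s for s in uniq if s != t and s in t] for t in uniq}
    return dups, {t: s for t, s in covered.items() if s}

def hits(ua, expr):
    """Tokens that would block this User-Agent (case-sensitive substring test)."""
    return [t for t in dict.fromkeys(tokens(expr)) if t in ua]

if __name__ == "__main__":
    dups, covered = audit(EXPR)
    print("repeated clauses:", dups)
    print("covered by a shorter token:", covered)
    for name, ua in SAMPLES.items():
        matched = hits(ua, EXPR)
        print(f"{name}: {'BLOCK via ' + ', '.join(matched) if matched else 'allow'}")
```

Clauses reported as covered can be dropped without changing what is blocked; hits such as `HUAWEI` on a stock Chrome User-Agent or `UC` inside an unrelated word are visitors the rule blocks beyond its stated targets.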
