Block Access to Bad Bots coming from the Huawei Cloud

Issue

We are seeing an increase in malicious and/or heavy traffic coming from IP ranges that identify as "Huawei Cloud".

Commonly, these requests may specify user agents noted below: 

Mozilla/5.0 (Linux; Android 7.0; FRD-AL00 Build/HUAWEIFRD-AL00; wv)
 AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.49 
 Mobile MQQBrowser/6.2 TBS/043602 Safari/537.36 
 MicroMessenger/6.5.16.1120 NetType/WIFI Language/zh_CN

Mozilla/5.0(Linux;Android 5.1.1;OPPO A33 Build/LMY47V;wv)
 AppleWebKit/537.36(KHTML,link Gecko) Version/4.0 Chrome/42.0.2311.138
 Mobile Safari/537.36 Mb2345Browser/9.0

Mozilla/5.0(Linux;U;Android 5.1.1;zh-CN;OPPO A33 Build/LMY47V)
 AppleWebKit/537.36(KHTML,like Gecko) Version/4.0 Chrome/40.0.2214.89
 UCBrowser/11.7.0.953 Mobile Safari/537.36

Mozilla/5.0(Linux;Android 5.1.1;OPPO A33 Build/LMY47V;wv)
 AppleWebKit/537.36(KHTML,link Gecko) Version/4.0 Chrome/43.0.2357.121
 Mobile Safari/537.36 LieBaoFast/4.51.3

Resolution

You will need to evaluate options to block this traffic, including rolling your own solution (for example, blocking traffic at .htaccess, or disabling some Drupal features like specific Views/modules/etc.) and/or considering using a WAF or CDN with security features.

Note that sometimes it is difficult to tell "good" from "bad" traffic; you may need to use information available to you like your logfiles, doing some research and testing, etc. to get a good solution. You may need to temporarily sacrifice blocking some "good" traffic along with the bad if you are in an emergency and just need to get your site back up for most of your users.

Here's an example article that can help you block traffic at .htaccess. Note that blocking via a WAF/CDN is the better option.

• https://acquia.my.site.com/s/article/4408794498199-Block-excessive-crawling-of-Drupal-Views-or-search-results