Date Published: January 5, 2024
Block Access to Bad Bots coming from the Huawei Cloud
Issue¶
We are seeing an increase in malicious and/or heavy traffic coming from IP ranges that identify as "Huawei Cloud".
Commonly, these requests may specify user agents noted below:
Mozilla/5.0 (Linux; Android 7.0; FRD-AL00 Build/HUAWEIFRD-AL00; wv)
AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.49
Mobile MQQBrowser/6.2 TBS/043602 Safari/537.36
MicroMessenger/6.5.16.1120 NetType/WIFI Language/zh_CN
Mozilla/5.0(Linux;Android 5.1.1;OPPO A33 Build/LMY47V;wv)
AppleWebKit/537.36(KHTML,link Gecko) Version/4.0 Chrome/42.0.2311.138
Mobile Safari/537.36 Mb2345Browser/9.0
Mozilla/5.0(Linux;U;Android 5.1.1;zh-CN;OPPO A33 Build/LMY47V)
AppleWebKit/537.36(KHTML,like Gecko) Version/4.0 Chrome/40.0.2214.89
UCBrowser/11.7.0.953 Mobile Safari/537.36
Mozilla/5.0(Linux;Android 5.1.1;OPPO A33 Build/LMY47V;wv)
AppleWebKit/537.36(KHTML,link Gecko) Version/4.0 Chrome/43.0.2357.121
Mobile Safari/537.36 LieBaoFast/4.51.3
Resolution¶
You will need to evaluate options to block this traffic, including rolling your own solution (for example, blocking traffic at .htaccess, or disabling some Drupal features like specific Views/modules/etc.) and/or considering using a WAF or CDN with security features.
Note that sometimes it is difficult to tell "good" from "bad" traffic; you may need to use information available to you like your logfiles, doing some research and testing, etc. to get a good solution. You may need to temporarily sacrifice blocking some "good" traffic along with the bad if you are in an emergency and just need to get your site back up for most of your users.
Here's an example article that can help you block traffic at .htaccess. Note that blocking via a WAF/CDN is the better option.¶
Did not find what you were looking for?
If this content did not answer your questions, try searching or contacting our support team for further assistance.