My site gets around 3-4k viewers a month but I noticed that someone has been pinging it with uptimerobot (noticed this due to the user agent in the logs).
They are pinging a non existent route in my app, /api/ping, which is resulting in millions of edge requests per month and millions of requests for 404 pages being served in my logs.
I have blocked requests to this route, as well as the uptimerobot user agent, using the Vercel Firewall. This has removed the pings from the Vercel logs entirely, however ,the requests to /api/ping are still being counted in my usage for edge requests - I can see 22,000 today to /api/ping (for context my / route only has 400 edge requests in this same time period), even though I blocked the request in the firewall yesterday. I have read online that denying a request path in the Vercel Firewall doesnt actually stop the edge requests or lower the edge request usage.
Is there no way to block these requests at all and limit my edge request usage? Or am I just at the mercy of this person who is pinging my site thousands of times a day?
UptimeRobot is a website monitoring service. Is that something that you, or one of the other services you’re using, might have set up to track your site?
Something else that might help is the new bot filter we recently launched in beta. If you give that a try, please let us know what you think in the Bot Protection feedback thread
No its not something I, or anyone I know, has set up - I don’t know why the unknown person has done this.
I have not set up persistent actions as im not on the Pro or enterprise plan.
So it seems like there is no real way to stop the edge requests being used as, even though the Vercel WAF is blocking the request, its still counted as a use as its a custom deny rule?
This seems quite counter productive/intuitive. I dont understand why blocking a request from being processed would be a paid feature - if the request isnt being processed doesnt vercel’s usage drop too?
When you use a custom rule to deny a request, there is no charge for WAF free feature use. But some incur Edge Requests (ER) and incoming Fast Data Transfer (FDT) usage may be incurred if those resources are used for routing the request.
You may want to add a robots.txt to your site. That lets you signal to web crawlers and bots that they should not access that page. You can even disallow the whole site for that bot if you like. This page has step-by-step instructions for how to set it up: