Prevent bot spamming logs
We often see a lot of errors in the application logs related to bots spamming the website with URL requests that do not even exist, quite often these end in .php extension; example: https://[ConfiguredCommerceURL]/admin/function.php. These seem to be attacks that try to find vulnerabilities on the website. While often times these are harmless, they do pollute the application logs, making it harder for developers to find actual errors that are worth reporting. This feature request is to simply capture that kind of spam requests and simply block them, without processing anything else (these often come with errors such as 'Unity.Exceptions.InvalidRegistrationException' that arise from trying to find dependencies), upon finding out that the request is simply not valid as there should simply not exist any PHP resources on a Configured Commerce website, they should simply be blocked without actually logging an error. If we want to keep these maybe they should be logged somewhere else than the application logs so they could be more easily analyzed? maybe a list of these requests including the origin IP address.

-
Hi Leonardo, first off thank you for the feedback and details! Management of bots for Configured Commerce environments is something we are already considering for our roadmap, most likely via Cloudflare controls (although we still need to do some solutioning). I don't have a definitive timeline as of yet for you, but it is something we are hoping to dig into further in 2025.