When you post a link on Facebook, the URL will be acessed by Facebook bot in order to get the details of that page or article.
Sucuri Firewall won’t block good bots such as Google, Bing, Facebook, etc., by default, but there are special filters that could interfere with the bot activity on your website, we’ll discuss them in the next lines.
To check if the solutions described here work without having to post often to Facebook, you can use the Facebook Sharing Debugger.
One of the most used WAF features, Geo Blocking allows you to filter exactly which country or region can view or interact with your website. While not by itself a bulet-proof method, it decreases resource usage on the hosting server and can be very useful in blocking a large scale DDoS attack.
To better handle and speed the delivery of content, Facebook has several facilities around the world. According to datacenters.com website, Facebook operates datacenters in the United States, Ireland, England, Sweden and Denmark.
If Geo Blocking is set to block any of these countries, links may not be accessible by the Facebook bot, despite our best efforts to whitelist well known bots. Therefore, we recommend not blocking any of these countries, nor the regions of Europe and the United Kingdom.
There is a security filter called "Emergency DDoS Protection", it’s located on the Security tab of the WAF dashboard:
If the redirection message rings a bell, then you must disable Emergency DDoS filter to prevent the block.
Agressive Bot Filter
Sucuri WAF will by default block bad requests, but to increase the protection towards bots, there is a filter called "Agressive Bot Filter" also located on the Security tab of the WAF dashboard.
The "aggressive bot filter" is not known to cause problems with legitimate bots, such as the Facebook bot, but if you have tried unsuccessfully the first two solutions and have this filter enabled, disabling this filter could help.