Hello, to start with some context, we keep getting a 3rd party app violation because they are not able to render a 200 status ok on our Privacy Policy URL. This seems to be caused by the fact we are blocking all countries except for a select few.
We have country blocking configured in the WAF and the expression is:
(not ip.geoip.country in {“AU”} and not ip.geoip.country in {“SG”} and not ip.geoip.country in {“ID”} and not ip.geoip.country in {“US”} and not ip.geoip.country in {“NZ”})
Is there a way to have a page bypass these rules entirely to allow a single URL to be accessed by countries outside the allowed list?
I have tried to create a page rule with ‘web application: off’ , but when I test it with a VPN, I’m still blocked from accessing the page.
Is there any suggestion on how to maintain the privacy we need but just allow /privacy-policy to be accessible by the rest of the world?
Thanks so much for your help @cbrandt - I updated the expression as follows:
(not ip.geoip.country in {“AU”} and not ip.geoip.country in {“SG”} and not ip.geoip.country in {“ID”} and not ip.geoip.country in {“US”} and not ip.geoip.country in {“NZ”} and not http.request.uri.path in {“/privacy-policy/”} and not http.user_agent contains “Klaviyo/1.0” and not http.user_agent contains “Googlebot” and not http.user_agent contains “Bingbot” and not http.user_agent contains “YandexBot” and not http.user_agent contains “Klaviyo”)
It seems to be working, I tested /privacy-policy/ via VPN and it’s accessible which is good. I also added known bots as well as other user agents which need access to our site.
