Allow few countries to access the website

What is the name of the domain?

NA

What is the error number?

Website is accessible ( no error number )

What is the issue you’re encountering

WAF rule is not working

What steps have you taken to resolve the issue?

  1. Re-validated rule per documentation Allow traffic from specific countries only | Cloudflare Web Application Firewall (WAF) docs

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Flexible

What are the steps to reproduce the issue?

Since i cannot put the original website, I am putting this as an example: https://xyz.sk.com/in_in...however, i can post the rule here
Objective: I want the website to be accessible only from India, Belgium, Netherlands & Ireland and should give a default Cloudflare block page ( i.e 403 ) if traffic originates from the countries listed above.

Rule is (ip.geoip.country ne “NL”) or (ip.geoip.country ne “IN”) or (ip.geoip.country ne “IE”) or (ip.geoip.country ne “BE”)

However, the website works ( tested from NL, India ) .

Note: there are additional rules that are in effect after this where the website it restricted only to work from allowlisted IP addresses.

As you are using ne, you need to use AND between the terms instead of OR.

Make sure your DNS record is proxied.

Use only “Full (strict)” or “Strict” so your users’ data is encrypted between Cloudflare and your origin.

2 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.