Always allow requests from a specific network?

We have a network making a large number of legitimate (but malicious-looking) requests to our website that Cloudflare is flagging, which leads to a block against that network. We have the “Security Level” set to “essentially off”, and via domain > Security > WAF I have added the network with an “Allow” rule.

The traffic from this network could be considered malicious (e.g., a spike of thousands of requests per second), so it is understandable that Cloudflare is flagging it, but I’d like to find a way to explicitly allow this traffic as it’s not malicious in this context (requests to a static page which Cloudflare is serving from the cache and that the origin can serve if Cloudflare passed them through).

That should have done it. When you check security events, what product do you see causing the blocks?

Are you using any other Cloudflare products such as Workers, Pages, R2?

Ah! Thank you. “HTTP DDoS” is listed as the service, which appears to be a different configuration from the WAF. Looking at the “HTTP DDoS” settings:

HTTP DDoS attack protection is always enabled. To customize the ruleset behavior, create a DDoS override.

Looking into the ruleset options, there’s an option “HTTP requests causing a high overall request rate (origin and cached)” which is currently set to “High”. Is changing that to “Essentially off” roughly what I’m looking for?

Thanks,

Yes, you would need to do that.

Thank you very much. I’ve made the change and I will report back here once I’m able to confirm that it worked.
