Block referer custom waf rule is not working

What is the name of the domain?

What is the error number?

no error number

What is the error message?

no error message

What is the issue you’re encountering

we want to block traffic where referer is “urlumbrella.com” and some of bad referer, but still cannot block traffic.

What steps have you taken to resolve the issue?

we made a custom waf rules as

(http.referer contains “grets”) or (http.referer contains “seders”) or (http.referer contains “urlumbrella”) or (http.referer contains “kar.razas”) or (http.referer contains “trast.mantero”) or (http.referer contains “game.fertuk”) or (http.referer contains “ofer.bartikus”) or (http.referer contains “garold.dertus”) or (http.referer contains “games.patlik”) or (http.referer contains “rida.tokyo”) or (http.referer contains “trafficpeak.io”) or (http.referer contains “leadsgo.io”)

but

but this rule cannot block traffic. what am i doing wrong ?

Appears to work fine

$ curl -I https://esimjapan.com/ -H 'Referer: http://urlumbrella.com'
HTTP/2 403

yes. but on our GA4, we can see that traffic was passed to server.

look at screenshot of GA4
it is from 2024/06/01 to 2025/06/30.

there is spike near by june 23.
it is referral where is urlumbrella

image2018×1068 195 KB

That is not a reliable source and these connections might even be direct without involving Cloudflare. Make sure only the IP addresses from IP Ranges can connect.

The rule itself is working.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.