Block subdomain access to all non-North American IP addresses

Hi,

I would like to block all the subdomain access to all non-North American IP addresses.
So i tried to enter the following rule in the firewall but it doesn’t seem to work:
(ip.geoip.continent ne “NA” and http.request.full_uri eq “https://subdomain.domain.com”) or (ip.geoip.continent ne “NA” and http.host eq “subdomain.domain.com”)

Ideally, I would like anyone outside North America who tries to access the subdomain to be redirected to the main domain. Does anyone have a recommendation?

For your information, I use the Cloudflare free version.

Thank you in advance !

The host is just the host and not a URL, so the following should do the trick.

(ip.geoip.continent ne "NA" and http.host eq "subdomain.domain.com")

This would not redirect anything though, but only block or challenge depending on your selection. If you want a redirect you’d have to use a Worker, though that would require custom JavaScript (-> StackOverflow for details) and would be paid if you have more than 100,000 requests a day.

3 Likes

Hi Sandro,

Thank you for your answer, i really appreciate it!

I’ll try it thank you! Do you know if the rule applies immediately or i have to wait a bit?

Rules should work pretty instantaneously.

One alternative to a Worker could be a custom page, in which case you’d have to block these requests and set up a custom page which then redirects to wherever you want, though this would still require a Pro plan, but you wouldn’t have any request limits. Workers might still be cheaper.

1 Like

That’s weird because i tried to access to the subdomain with a VPN and there is no restriction.
I’ill wait a little bit and try again later.

I also will take a look for the pro version because Workers seem beyond my competence.

Can you mention the hostname where you want that block?

As for Pro, I just wanted to mention a possible alternative. The Worker will be probably more elegant. One other - completely free approach - would be to perform the redirect on your server. As North America is only three countries you can easily check the country on your server and redirect in that case. That would be probably the most reasonable implementation.

1 Like

I’m sorry but I cannot share the hostname unfortunately…

Could the problem come from the fact that the proxy status for the subdomain is configured as “DNS only”?

Absolutely, you need to proxy it, otherwise none of the Cloudflare settings will apply.

1 Like

Ohhh ok that’s why!

And last question, do you know if the Custom page with the pro version could work with the Only DNS proxy status?

Nope, none of the settings will apply. If you want to use anything from Cloudflare you have to proxy.

My advice, don’t bother with Workers nor with custom pages and simply configure the redirect on your server based on mentioned logic. That won’t cost nothing (oh, that beautiful double negative :smile:) and will be the easiest solution and just require a two-liner in your web server configuration (assuming you use Apache).

1 Like

Thank you so much for your time and your help! You’ve answered all my questions.

I wish you a great day!

My pleasure. A lovely day to you too :slight_smile:

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.