Block Traffic on Subdomain from Specific Countries

I’v a have website domain in cloudflare i.e domain.xyz, and some subdomain under it like app.domain.xyz, My need to to block app.domain.xyz and similar other subdomains from some specific countries.

When I wrote the WAF Rules for main domain it works
(http.host eq "domain.xyz" and ip.geoip.country in {"SG"})

But as soon as i mentioned subdomain in host it does not work, I’m able to open this and other subdomains easily.
(http.host eq "app.domain.xyz" and ip.geoip.country in {"SG"})

Any hint what’s the solution for this?

1 Like

Is the subdomain DNS record proxied? Does that WAF rule conflict with others? You can show a screenshot of your WAF rules if easier.

No, It’s not proxy. Its CNAME to AWs Amplify.

Then the WAF won’t have any effect as requests are not passing through Cloudflare.

1 Like

What’s the solution in this case?

You will either have to enable the proxy, if that works with your back end service, or firewall it at AWS.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.