Block traffic originated from specific sub regions in Ukraine to our domain

spotu · January 13, 2025, 6:11pm

What is the name of the domain?

Additional information

I don’t know/other

What is the issue you’re encountering

What kind of WAF rule can be configured to block such traffic?

What steps have you taken to resolve the issue?

Blocking individual IPs on a case-by-case basis, however we would like to block incoming traffic from specific regions within Ukraine.

What are the steps to reproduce the issue?

N/A

Does this syntax look right?

fritex · January 13, 2025, 10:20pm

You could give it a try using below link:

https://www.maxmind.com/download/geoip/misc/region_codes.csv

Find the region first, then use ip.src.region or ip.src.region_code.
Make sure to have it as and with the ip.src.country as it might be in multiple countries the same region.

You have to use Expression builder for this case. I haven’t tested this yet.

Example (if region Kyiv and Country Ukraine then block):

Helpful article:

For the stated ip.src.subdivision_1_iso_code you’d have to be on a higher paid plan type for your zone as follows:

Topic		Replies	Views
How to block sanctioned sections of Ukraine? Security	2	739	April 29, 2024
Embargoed and Sanctioned Countries: Crimea Security	2	7043	October 8, 2020
Block Traffic on Subdomain from Specific Countries Security	6	423	March 17, 2024
WAF rule to block traffic not from particular continents incorrectly being applied Security Center	6	50	March 6, 2025
How can I block traffic from geographic areas? Getting Started	2	2221	October 2, 2018