Is the website Proxied 
?
You cannot access a proxied website using an IP address in the URI, you will get a 403 forbidden message. A WAF rule like this will never work, as the requests never get to your account. (Cloudflare has no way to know that the user intended to access your website, and not one of the millions of other Cloudflare proxied websites).
If you are trying to block people getting direct access to your Origin, then you have to make that configuration on your Origin.
Are you trying to block requests from a particular IP address? That would use a rule like ip.src eq xxx.xxx.xxx.xxx