Can we add CORS headers to WAF response?

When implementing the Cloudflare WAF, we get some headers stripped from the response. In this case, we are blocking the IPs of a country, and the response does not include the CORS headers. This is causing some libraries to throw an error before get the response. Is there any way of passing these headers on a successful block response from the WAF?

I tried with a Header Modification rule, but it only works for successful responses, not when the request is blocked by the WAF.

I don’t think this is possible. The reason being that anything capable of modifying the header comes after WAF in the traffic sequence.

Ok, unfortunately that’s what I feared. Thanks for your reply!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.