One of the great features of the Event Details screen that pops up when you click on Details in the Firewall Events log is that it lets you block an IP address right there, without having to navigate the UI any further.
When you click on the white-on-green check mark, a IP Access rule is created with the desired action (Challenge, JS Challenge, Whitelist, Block, Filter) and a couple messages appear at the bottom of the screen confirming that the rule has been created.
If the rule already exists for that zone, an error message will tell you just that.
But if there’s a rule for the same action that applies to that IP on all your websites, another rule is created just for the website whose event logs you’re reviewing. This is obviously redundant and as time goes by can add up many unnecessary IP Access rules. Removing these redundant rules on the UI is a boring task. Many users don’t have enough knowledge or familiarity to resort to the API for this.
Ideally, the UI should let us opt to create rules for all websites.
If that’s too much to ask, at least we should be relieved of having to manually remove redundant rules. When a user tries to create a rule to apply an action to a specific IP address, CF should check not only if that specific rule already exists, but also if there’s a rule enforced for that IP on a “All websites” rule.