Cloudflare blocks IP that should not , shows different country than it is

Hello guys and girls
We have an issue with one of our domains that are protected by Cloudflare.

We have enabled on WAF to block IP’s originating from some countries , one of them is Brazil.

So a client of ours tries to access our website using the IP : 208.127.27.237 , but he can’t , as cloudflare detects it is from Brazil
The error message he receives is (translated from Greek): I’m sorry you’ve been blocked. You cannot have access to that domain

As i check the IP , it seems to be from Greece , not Brazil.

I don’t want to add exception to the WAF rules for that IP, i just want to know why Cloudflare thinks that the IP is from Brazil.

Can anyone help us with this problem?
Do you know of any other solution than creating exception in the WAF?

Thank you
Andreas

Cloudflare uses a third party for geo-ip data…

…but seems to be getting the location as Greece as you are expecting…
https://radar.cloudflare.com/ip/208.127.27.237

You can try here, this reports the Cloudflare geo headers passed to my site…
https://cf.sjr.org.uk/tools/connection

2 Likes

Thank Sjr
First you have done a very good job with your website
Also thanks for sharing the Radar link. I will be using it a lot.

So what do you think the problem might be here?

1 Like

Can you show a screenshot from the security events log where the request was blocked?

Does it show the correct country using my page? Or is that too reporting wrong?


Attached is the screenshot.
Your tool checks only my IP address. i didn’t see anywhere to enter another IP.
But cloudflare radar as you mentioned , shows the country as “Greece”

The IP address is for Google Cloud, maybe it’s an anycast IP address so appears to be in several locations. Others may know.

2 Likes

Indeed Sjr
i contacted support via chat and the below is what they informed me ( just writing it down so that someone might use this)

" Ok. I know what’s happening
That was an IP that changed location
When an IP changes geolocation, the information is updated at different times in different components. Usually, the firewall events list the geolocation as it was seen in that particular edge server at that particular moment when the firewall event took place.
What happens is that our edge server needs to reload in order for the new database to be used, this means different datacenters may see different geolocations for the same IP address until the update occurs in every Cloudflare datacenter.
This is normal and expected, and the issue will resolve itself in a few days. Unfortunately, there’s no way to speed up this process.
"

Thanks a lot Sjr for your assistance … kudos to you my friend!

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.