Cloudflare firewall rules DONT work

I have an /api/ folder on my web server that serves REST API to my software. For a reason I dont know, one of my clients cant access the API anymore. On the firewall logs I see:

27 Jul, 2020 13:45:09

Security level

So what I did is to add two firewall rules:

  1. IP Whitelist equals the customer IP to “Allow” mode
  2. URI contains /api to “Allow” mode.

I can see on rules the traffic and a small graph on the activity last 24 hours.

But guess what, that specific customer still can’t access my API, on firewall logs I still see Challange/Block for that IP, even it is whitelisted both with the URI.


Then, I added a page rule* to Disable Security and guess what, I still see the Challange/Block for that IP.


Ok Cloudflare thank you for that, it really helps!!

Cloudflare security features are spread among several layers. As you can see on the chart below, Security Level comes after Firewall Rules. A Firewall Rule with an Allow action would only allow the IP for the remaining Firewall Rules.

You should try changing your Page Rule from “Disable Securiy” to Security Level: Essentially Off.

Disable Security will disable several features, but will not change the Security Level for a zone or path.

1 Like

well thank you very much, that page rule change helped me.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.