Cloudflare Firewall rules order logic - How to permit and then block all

Security
#1

Hello,

We are trying to start to use Cloudflare Firewall rules in order to filter some traffic. Generally, on other firewalls (network devices) we use the following logic:

  1. Block bad traffic
  2. Allow all required traffic
  3. Block any other traffic

But with Cloudflare Firewall we observed that rules can not be duplicated:

config duplicates an already existing config (Code: 10102)

Our rules:

  1. (http.host eq "cf-test.domain.com")
    --> Bypass

  2. (http.host eq "cf-test.domain.com" and is_timed_hmac_valid_v0("my-secret-url-token", http.request.uri,30000, http.request.timestamp.sec,11))
    --> Allow

  3. (http.host eq "cf-test.domain.com")
    --> Block

The issue probably is because rule 3 contains same expression as rule 1. We can replace it with the something like:
(http.host eq "cf-test.domain.com" and http.request.uri contains "/")
--> Block
And it works.

Question is the following

This is the rule and we can’t use same expression for 2 rules? And only one workaround will be to modify second rule to contains some extra conditions?

Similar error on the forum

  1. Firewall rules-specify several conditions then block
  2. Using Terraform to manage firewall rules and filters

Documentation

  1. Cloudflare Firewall Rules
  2. Firewall

Thank you!

1 Like
#2

This can be done in 1 rule.

(http.host eq "cf-test.domain.com" and not is_timed_hmac_valid_v0("my-secret-url-token", http.request.uri,30000, http.request.timestamp.sec,11)) --> Block

1 Like
#3

@cscharff, thank you for the advise - it seems that this solve the issue.

1 Like