Cloudflare Firewall rules order logic - How to permit and then block all

Hello,

We are trying to start to use Cloudflare Firewall rules in order to filter some traffic. Generally, on other firewalls (network devices) we use the following logic:

  1. Block bad traffic
  2. Allow all required traffic
  3. Block any other traffic

But with Cloudflare Firewall we observed that rules cannot be duplicated:

config duplicates an already existing config (Code: 10102)

Our rules:

  1. (http.host eq "cf-test.domain.com")
    --> Bypass

  2. (http.host eq "cf-test.domain.com" and is_timed_hmac_valid_v0("my-secret-url-token", http.request.uri,30000, http.request.timestamp.sec,11))
    --> Allow

  3. (http.host eq "cf-test.domain.com")
    --> Block

The issue probably is because rule 3 contains the same expression as rule 1. We can replace it with something like:
(http.host eq "cf-test.domain.com" and http.request.uri contains "/")
--> Block
And it works.

The question is the following:

Is this the rule, that we can't use the same expression for 2 rules? And is the only workaround to modify the second rule to contain some extra conditions?

Similar errors on the forum

  1. Firewall rules-specify several conditions then block
  2. Using Terraform to manage firewall rules and filters

Documentation

  1. Cloudflare Firewall Rules
  2. Firewall

Thank you!

1 Like

This can be done in 1 rule.

(http.host eq "cf-test.domain.com" and not is_timed_hmac_valid_v0("my-secret-url-token", http.request.uri,30000, http.request.timestamp.sec,11)) --> Block

1 Like
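As an added example (not from the thread and not Cloudflare's code), here is a small Python model of what the answer relies on: a ruleset that rejects an exact duplicate filter expression, first-match evaluation with the page's default of letting unmatched traffic through, and a toy re-implementation of the timed-HMAC check so that valid, expired, missing and tampered tokens can be run through the single `not is_timed_hmac_valid_v0(...)` rule. Assumptions, labelled in the code: the token layout (`<timestamp>-<base64 HMAC-SHA256 of path+timestamp>` after an 11-character separator `?signature=`, chosen to match the thread's last argument) and first-match semantics are simplifications of the documented behaviour, so verify them against Cloudflare's own reference before relying on them.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, List
from urllib.parse import unquote

SECRET = "my-secret-url-token"   # key used in the thread's rules
HOST = "cf-test.domain.com"      # host used in the thread's rules
TTL = 30000                      # ttl argument from the thread's rules (seconds)
SEPARATOR = "?signature="        # assumption: an 11-char separator, matching the thread's last argument


@dataclass
class Request:
    host: str       # http.host
    uri: str        # http.request.uri (path plus query string)
    timestamp: int  # http.request.timestamp.sec


def compute_mac(secret: str, path: str, ts: int) -> str:
    """Assumption: MAC = base64(HMAC-SHA256(secret, path + timestamp))."""
    digest = hmac.new(secret.encode(), f"{path}{ts}".encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def signed_uri(path: str, ts: int) -> str:
    """What an origin would hand out: path, separator, then '<timestamp>-<mac>'."""
    return f"{path}{SEPARATOR}{ts}-{compute_mac(SECRET, path, ts)}"


def is_timed_hmac_valid_v0(key: str, url: str, ttl: int, now: int, sep_len: int) -> bool:
    """Toy re-implementation of the check the thread's rules call (assumption: the token
    sits at the end of the URL after a separator of sep_len characters)."""
    url = unquote(url)
    dash = url.rfind("-")            # standard base64 has no '-', so this splits ts from mac
    if dash < 0:
        return False
    i = dash - 1
    while i >= 0 and url[i].isdigit():
        i -= 1
    ts_start = i + 1
    if ts_start == dash or ts_start - sep_len < 0:
        return False                 # no timestamp digits, or no room for the separator
    ts = int(url[ts_start:dash])
    if ts > now or now - ts > ttl:
        return False                 # token dated in the future, or past its ttl
    path = url[:ts_start - sep_len]  # everything before the separator was signed
    return hmac.compare_digest(url[dash + 1:], compute_mac(key, path, ts))


@dataclass
class Rule:
    expression: str                   # filter text; an exact duplicate is rejected
    matches: Callable[[Request], bool]
    action: str                       # "bypass", "allow" or "block"


class DuplicateFilter(Exception):
    """Stands in for 'config duplicates an already existing config (Code: 10102)'."""


def build_ruleset(rules: List[Rule]) -> List[Rule]:
    seen = set()
    for r in rules:
        if r.expression in seen:
            raise DuplicateFilter(r.expression)
        seen.add(r.expression)
    return rules


def evaluate(rules: List[Rule], req: Request, default: str = "allow") -> str:
    """Simplification: the first matching rule decides; no match falls through to default."""
    for r in rules:
        if r.matches(req):
            return r.action
    return default


HOST_EXPR = f'http.host eq "{HOST}"'
TOKEN_EXPR = (f'is_timed_hmac_valid_v0("{SECRET}", http.request.uri, {TTL}, '
              f'http.request.timestamp.sec, {len(SEPARATOR)})')


def host_matches(r: Request) -> bool:
    return r.host == HOST


def token_valid(r: Request) -> bool:
    return is_timed_hmac_valid_v0(SECRET, r.uri, TTL, r.timestamp, len(SEPARATOR))


def original_three_rules() -> str:
    """The thread's first attempt: rules 1 and 3 share a filter, so creation fails."""
    try:
        build_ruleset([
            Rule(f"({HOST_EXPR})", host_matches, "bypass"),
            Rule(f"({HOST_EXPR} and {TOKEN_EXPR})", lambda r: host_matches(r) and token_valid(r), "allow"),
            Rule(f"({HOST_EXPR})", host_matches, "block"),
        ])
        return "created"
    except DuplicateFilter:
        return "duplicate"


# The single rule from the answer: block the host unless the token checks out.
SINGLE_RULE = build_ruleset([Rule(
    f"({HOST_EXPR} and not {TOKEN_EXPR})",
    lambda r: host_matches(r) and not token_valid(r),
    "block",
)])


def decide(uri: str, now: int, host: str = HOST) -> str:
    return evaluate(SINGLE_RULE, Request(host, uri, now))


if __name__ == "__main__":
    ts = 1_700_000_000
    good = signed_uri("/download/report.pdf", ts)
    print(original_three_rules())                            # duplicate
    print(decide(good, ts + 10))                             # allow
    print(decide(good, ts + TTL + 1))                        # block (expired)
    print(decide("/download/report.pdf", ts))                # block (no token)
    print(decide(good.replace("report", "other"), ts + 10))  # block (path tampered)
```

The point the model makes visible is that the single rule needs no ordering at all: a request with a fresh, correctly signed path never matches it and falls through, while everything else on that host matches and is blocked, which is exactly the allow-then-block intent of the original three rules without two rules sharing one filter.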

@cscharff, thank you for the advice - it seems that this solves the issue.

1 Like