Cloudflare Firewall rules order logic - How to permit and then block all


We are trying to start to use Cloudflare Firewall rules in order to filter some traffic. Generally, on other firewalls (network devices) we use the following logic:

  1. Block bad traffic
  2. Allow all required traffic
  3. Block any other traffic

But with Cloudflare Firewall we observed that rules cannot be duplicated:

config duplicates an already existing config (Code: 10102)

Our rules:

  1. ( eq "")
    --> Bypass

  2. ( eq "" and is_timed_hmac_valid_v0("my-secret-url-token", http.request.uri,30000, http.request.timestamp.sec,11))
    --> Allow

  3. ( eq "")
    --> Block

The issue is probably because rule 3 contains the same expression as rule 1. We can replace it with something like:
( eq "" and http.request.uri contains "/")
--> Block
And it works.

The question is the following:

Is it a rule that we can’t use the same expression for 2 rules? And is the only workaround to modify the second rule to contain some extra conditions?

Similar error on the forum

  1. Firewall rules-specify several conditions then block
  2. Using Terraform to manage firewall rules and filters


  1. Cloudflare Firewall Rules
  2. Firewall

Thank you!


This can be done in 1 rule.

( eq "" and not is_timed_hmac_valid_v0("my-secret-url-token", http.request.uri,30000, http.request.timestamp.sec,11)) --> Block

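A local model of what the single Block rule in the answer above decides for a given URI, added here as an example (it is not code from the thread or from Cloudflare). It assumes the token layout Cloudflare documents for `is_timed_hmac_valid_v0` (message, separator, timestamp, `-`, then a base64, URL-encoded HMAC-SHA256 of message plus timestamp); the `?verifykey=` separator, the sample paths and all function names are constructed.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote

SECRET = b"my-secret-url-token"  # key literal from the rule on this page
TTL = 30000                      # seconds, third argument of the rule
SEPARATOR = "?verifykey="        # constructed: an 11-character separator (fifth argument)


def sign(path: str, issued_at: int) -> str:
    """Build <path><separator><timestamp>-<mac> for testing your own rule."""
    mac = hmac.new(SECRET, f"{path}{issued_at}".encode(), hashlib.sha256).digest()
    return f"{path}{SEPARATOR}{issued_at}-{quote(base64.b64encode(mac), safe='')}"


def is_valid(uri: str, now: int) -> bool:
    """Local model of the validity check; malformed input counts as invalid."""
    path, sep, tail = uri.partition(SEPARATOR)
    ts, dash, mac_b64 = tail.partition("-")
    if not (sep and dash and ts.isdecimal()):
        return False  # no token at all, or no timestamp in it
    expected = hmac.new(SECRET, f"{path}{ts}".encode(), hashlib.sha256).digest()
    try:
        supplied = base64.b64decode(unquote(mac_b64), validate=True)
    except ValueError:
        return False  # MAC part is not valid base64
    # Assumption: a token is accepted up to and including timestamp + ttl.
    return hmac.compare_digest(expected, supplied) and now <= int(ts) + TTL


def action(uri: str, now: int) -> str:
    """The single rule from the answer: Block when the token is NOT valid."""
    return "block" if not is_valid(uri, now) else "pass"


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed timestamp
    good = sign("/download/report.pdf", issued)
    for label, uri, now in [
        ("fresh token", good, issued + 10),
        ("expired token", good, issued + TTL + 1),
        ("tampered path", good.replace("report", "secret", 1), issued + 10),
        ("no token", "/download/report.pdf", issued + 10),
    ]:
        print(f"{label:14} -> {action(uri, now)}")
```

Here `pass` means the Block rule did not match, so the request continues to whatever rules follow; no separate Allow or Bypass rule with a duplicate expression is needed.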

@cscharff, thank you for the advice - it seems that this solves the issue.

