Confused about custom rules and hits on AWS load balancer

Answer these questions to help the Community help you get started.

What is the domain name?
gyandhan

Have you searched for an answer?
Yes

Describe the issue you are having:

  1. I have added a WAF custom rule blocking all requests (not ip.geoip.country in {"AU" "BE" "CA" "DK" "FR" "DE" "IN" "IE" "IT" "NL" "NZ" "NO" "SG" "SE" "CH" "GB" "US" "FI"}). However, when I look at the traffic data on Cloudflare, I can see some entries with 200 status but originating from countries like Pakistan, Ghana, Nigeria. What could be the reason for the same? I do see a vast majority of the requests from these countries are blocked (403) as intended, but I am confused as to why any request is passing at all.
  2. The other issue is that I have added Cloudflare in front of my AWS load balancer. If I see 20k 200 status requests in Cloudflare, the corresponding number when I check in AWS WAF logs is much higher (order of 10x). Could there be a reason for this stark difference in volume I see on the AWS front? I have checked that all hits on the AWS front are from Cloudflare IPs.
