Confused about custom rules and hits on AWS load balancer

ankit.mehra · October 26, 2023, 5:21pm

What is the domain name?
gyandhan

Have you searched for an answer?
Yes

Please share your search results url:

When you tested your domain, what were the results?

Describe the issue you are having:

I have added a waf custom rule blocking all requests (not ip.geoip.country in {"AU" "BE" "CA" "DK" "FR" "DE" "IN" "IE" "IT" "NL" "NZ" "NO" "SG" "SE" "CH" "GB" "US" "FI"}) . However, when I look at the traffic data on Cloudflare I can see some entries with 200 status but originating from countries like Pakistan, Ghana, Nigeria. What could be the reason for the same? I do see a vast majority of the requests from these countries are blocked (403) as intended but confused as to why any request is passing at all.
The other issue is that I have added cloudflare in front of my AWS load balancer. If I see 20k 200 status requests in Cloudflare, the corresponding number when I check in AWS waf logs is much higher (order of 10x). Could there be a reasoning for this stark difference in volume I see on the AWS front. I have checked that all hits on the AWS front are from Cloudflare IPs.

system · November 10, 2023, 5:22pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
WAF Custom Rule - country block issues Security	2	41	October 5, 2024
I have rules in place to block certain countries Security	7	735	November 25, 2023
Custom Rules desn't match IP address Security	6	50	July 24, 2024
WAF Custom Rules Not Working Security	6	84	March 8, 2025
WAF custom rule fails to Block the Non USA IPs Security	9	20	November 22, 2024