Does a firewall rule with action allow bypass the WAF?

firewall

#1

I would like to be sure that an allow rule does not disable any cloudlare feature. Can somebody confirm that this is the case?

What I would like to do is to allow certain IP Addresses and Countries with one or more rule. And this requests should pass the proxy as if there were no rules at all. Then I am going to block all requests to specific hosts at the bottom.

The Idea is to allow only specific IPs or Countries to some hosts but use all features like caching, performane and security for the requests allowed.

Thanks, Rene


#2

Just tried it, making an “allow” rule doesn’t disable WAF (you can confirm this by going to example.com/.git/HEAD), but the “allow” rule being above other rules does make it so those other rules don’t trigger.