Domain Restriction Advice

Hi
I’m looking for advice on the most effective method to filter an entire domain in a Cloudflare . I attempted to block it using WAF settings and added it as a hostname with the expression *.rn. I’m unsure whether I should use .rn or *.rn to block the entire top-level domain. Any guidance on this would be appreciated?

Expression Preview:
(http.host contains ".vn ")

Hi there,

Can you clarify what is your end result, or what are you attempting to achieve from doing this?

For example, you wish to restrict all users from TLD .vn, but what if the site owner comes back with a .com and still is able to access your site?

Thank you.

Hi,
Thanks for your response to this post. We’ve encountered spam from .rn and numerous bot attacks. I’m uncertain about the best practices for this scenario, but my goal is to ensure comprehensive blocking of any potential future spam and attacks from the entire domain. do you have any advice on this matter?

http.host is the host header in the request. That host header will be your domain. It sounds like you want a reverse lookup on the IP address of a visitor which isn’t possible / is unlikely to include the information you’re looking for even if done.

You can try blocking the IP addresses / ASNs of the bots or look at bot management or a tools for your platform specifically designed to weed out spam posts.

2 Likes

I’m not quite sure if I’m following! Let me explain what I have in mind: Cloudflare functions as a reverse proxy, directing all domain access attempts through Cloudflare IPs. My aim is to block incoming requests from any domain ending with .rn.

Additionally, I’ve attempted to restrict the entire domain through Cloudflare’s WAF settings, as shown in the snapshot below. Not sure if this method is effective and why? and what else I could possibly do to achieve my goal.

Incoming requests don’t come from a domain. At best they might contain a referrer header Firewall rule to block referers other than the sites domain but they probably won’t.

Hostname is a field which corresponds to www.example.com where you own the domain example.com, it’s never going to be a domain/hostname you don’t control / manage in Cloudflare.

The WAF rule you have above says for any .rn domain in my account when a request is received for that domain from outside from anyone, block it.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.