Firewall or page rule - block every country except NL, for all subdomains only

Hi

How can I block every country with a firewall rule except the Netherlands (in my case)?
But ONLY for my subdomains…?

So my root domain should remain accessible for everyone in the world (e.g. domain.com),
but sub.domain.com + sub1.domain.com etc… need to be blocked from every country except the Netherlands.
Is there a way to use a wildcard? (*)

Thanks in advance.

This should be the easier way to do that.

Thanks for your reply. I have tried your suggestion, but it seems that other countries can still reach my subdomain (I have tested with a proxy).

(http.host ne "domain.com" and ip.geoip.country ne "NL")

This is also not working:
(not http.host contains "domain.com" and ip.geoip.country ne "NL")

Does your main website contain www in front of your domain name?

Hi Eric,
No, I am only using https://domain.com or https://sub.domain.com

I have just tested Eric’s rule on my own domain and it works as expected. Make sure you don’t have another Firewall rule that is allowing them through, and of course make sure that you replace domain.com with your own domain.

Hi

So it works if you’ve got 1 subdomain, right? But I have like 86 subdomains which I want to block.
So is there a way to block all countries for all of my subdomains by using a wildcard, for instance?
Except the root domain and the Netherlands.

That’s exactly what Eric’s rule does, by saying hostname does not equal

I have tested it with CNAME and A records and it blocks both of them (when I am not in the matching country), and allows me when I am

It works now, thanks to Eric’s solution. I had Cloudflare disabled on the site, stupid…
Thanks for the support!!!

Thanks for testing it out @soldier_21

@johnboesh the firewall expression that I shared earlier will do the same thing, so we don’t have to go through the hassle of using regular expressions to match wildcard subdomains.

Anyway, try to visit your website with the proxy again, by adding this URL path: /cdn-cgi/trace. It would be something like this for example: www.cloudflare.com/cdn-cgi/trace.

After that, share with us your loc value.
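Added example, not part of the thread and not Cloudflare's own code: a Python check built on the /cdn-cgi/trace suggestion above. It parses a trace response, reads the `h` and `loc` fields, and models the rule from this thread. The sample responses are constructed, and treating a response without those fields as "not proxied through Cloudflare" (the cause found in this thread) is an assumption of the example.

```python
ROOT = "domain.com"   # placeholder root domain, as used in the thread
ALLOWED = "NL"        # the only country allowed to reach subdomains

def parse_trace(body):
    """Parse the key=value lines of a /cdn-cgi/trace response into a dict."""
    fields = {}
    for line in body.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def rule_matches(host, country):
    """Model of: (http.host ne "domain.com" and ip.geoip.country ne "NL")."""
    return host != ROOT and country != ALLOWED

def diagnose(body):
    """Return 'not-proxied', 'block' or 'allow' for one trace response."""
    fields = parse_trace(body)
    # Assumption: without h/loc the reply did not come from the Cloudflare
    # edge, so no firewall rule is evaluated for that hostname at all.
    if "h" not in fields or "loc" not in fields:
        return "not-proxied"
    return "block" if rule_matches(fields["h"], fields["loc"]) else "allow"

def sample(host, loc):
    """Build a constructed, abbreviated trace body for the demo."""
    return f"h={host}\nip=203.0.113.7\nvisit_scheme=https\nloc={loc}\n"

# Constructed stand-in for an origin answering /cdn-cgi/trace itself.
ORIGIN_404 = "<html><body><h1>404 Not Found</h1></body></html>"

if __name__ == "__main__":
    cases = {
        "subdomain via DE proxy": sample("sub.domain.com", "DE"),
        "subdomain from NL": sample("sub.domain.com", "NL"),
        "root domain from DE": sample("domain.com", "DE"),
        "www host from DE": sample("www.domain.com", "DE"),
        "Cloudflare disabled": ORIGIN_404,
    }
    for name, body in cases.items():
        print(f"{name:24} -> {diagnose(body)}")
```

The "www host" case shows why the www question matters: any host other than the exact root name is covered by the rule, so no wildcard is needed.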

Great to see that. You are welcome. Please ignore my previous reply.
