Firewall rule - block css and JS erroneously

Hello Cloudflare Community Superhero’s!

A firewall rule I’ve been using more than 3 years now, which has not changed during this time, recently started blocking website resources of 2 staging sites when accessed from Australia. To be clear, the firewall rule does not block the live site resources but does block resources from the 2 staging sites.

TROUBLESHOOTING
Used a VPN to load both staging sites from the US and from Europe successfully… the firewall rule allows all staging site resources.

LIVE SITE
OohLaLaZouk

CLONE SITES
OohLaLaZouk - Clone 1
OohLaLaZouk - Clone 2

BLOCKED RESOURCES
1 CSS file and 1 JavaScript file.

/wp-content/themes/porto-child/style.css
/wp-content/themes/porto/js/libs/owl.carousel.min.js

FIREWALL RULE
A copy of the firewall rule is below. I’ve placed each part of the rule expression on a separate line to make it easier to read.

I appreciate your time and any advice can give me to try to figure this out, so, a BIG thank you!

FIREWALL RULE EXPRESSION

(http.request.uri.path contains "/.htaccess") or 
((http.request.uri.path contains "/wp-content/themes/" or 
http.request.uri.path contains "/wp-content/plugins") and http.referer eq "") or 
(http.request.uri.query contains "author_name=") or 
(http.request.uri.query contains "author=" and not http.request.uri.path contains "/wp-admin/export.php") or 
(http.request.full_uri contains "wp-config.") or 
(http.request.uri contains "setup-config.") or 
(http.request.uri.path contains "/wp-content/" and http.request.uri.path contains ".php") or 
(lower(http.request.uri.path) contains "phpmyadmin") or 
(http.request.full_uri contains "<?php") or 
(http.cookie contains "<?php") or 
(raw.http.request.uri contains "../") or 
(raw.http.request.uri contains "..%2F") or 
(http.request.uri contains "passwd") or 
(http.request.uri contains "/dfs/") or 
(http.request.uri contains "/autodiscover/") or 
(http.request.uri contains "/wpad.") or 
(http.request.full_uri contains "webconfig.txt") or 
(http.request.full_uri contains "vuln.") or 
(http.request.uri.query contains "base64") or 
(http.request.uri.query contains "<script") or 
(http.request.uri.query contains "%3Cscript") or 
(http.cookie contains "<script") or 
(http.referer contains "<script") or 
(http.request.uri.query contains "$_GLOBALS[") or 
(http.request.uri.query contains "$_REQUEST[") or 
(http.request.uri.query contains "$_POST[" and ip.geoip.country ne "AU") or 
(http.request.uri.path contains ".js.map") or 
(http.request.uri.path contains "license.txt") or 
(http.request.uri.path contains ".log") or 
(http.request.uri.path contains ".ini")