Firewall rule doesn't work for root domain but works for www subdomain

I want to set up a firewall rule that blocks all traffic outside the US. However, it works for, but not

In my DNS configuration, I’ve set two CNAMEs — CNAME @ and CNAME www.
In my firewall configuration, I set 1 rule to block all non-US traffic.

Does anybody know what I am missing here?

Post a screenshot of that firewall rule, as well as of your list of rules.

Surprisingly, it works now, for both root domain and www subdomain. I just configured it a few hours ago, maybe it takes time to propagate through.

Here are also the screenshots of my configurations.

Do you want to block known bots as well? That is what the rule currently does.

I think so. I guess it might be helpful to prevent a DDoS attack.

Known bots are Google’s, Microsoft’s, etc. while indexing for their search engines. I doubt you want to block those.

Thanks for letting me know that. I’ll remove the rule of blocking known bots.

This will block mostly search engine crawlers. Not sure this is what you want.

If you remove that expression you only check for the country, which would block everyone but the US. Though that depends on your overall rules, hence the question for your rule list.

Seems to work, only the US checkpoint gets through