What is the name of the domain?
What is the error number?
What is the error message?
Access denied. You have do not have access to cfh.winterroot2.com
What is the issue you’re encountering
I have setup a custom WAF rule to block all access to my development site except IP’s belonging allowlisting IP’s. However, I am encountering the WAF block Ip’s that are allowlisted. The firewall events shows exactly the rule blocking what it is not suppose to block.
What steps have you taken to resolve the issue?
I tried to update the lists, rewrite the rule and also specified the individual IP to be allowlisted but no success.
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full (strict)
What are the steps to reproduce the issue?
This is the rule expression:-
(not ip.src in $amasty and not ip.src in $stripe_webhook and ip.src ne 210.10.1.203) => Block
I access from 210.10.1.203. The expression is not suppose to block since the IP is 210.10.1.203