Firewall rule is blocking IP on whitelist

What is the name of the domain?

https://cfh.winterroot2.com

What is the error number?

1020

What is the error message?

Access denied. You do not have access to cfh.winterroot2.com

What is the issue you’re encountering?

I have set up a custom WAF rule to block all access to my development site except for IPs belonging to the allowlists. However, I am encountering the WAF blocking IPs that are allowlisted. The firewall events show exactly the rule blocking what it is not supposed to block.

What steps have you taken to resolve the issue?

I tried updating the lists, rewriting the rule, and also specifying the individual IP to be allowlisted, but with no success.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

What are the steps to reproduce the issue?

This is the rule expression:
(not ip.src in $amasty and not ip.src in $stripe_webhook and ip.src ne 210.10.1.203) => Block

I access from 210.10.1.203. The expression is not supposed to block since the IP is 210.10.1.203.

Screenshot of the error

Your rule only allows 210.10.1.203 in when it's also in $amasty and not in $stripe_webhook, all at the same time.

If 210.10.1.203 is not in $amasty then it correctly gets blocked.

You probably need ORs instead of ANDs.

1 Like
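
An added example, not part of the original posts: a small Python model of the posted expression, evaluated with its three terms joined by `and` and by `or` for a few source addresses. The list contents and the sample addresses are constructed (only 210.10.1.203 and the list names come from the thread), and Python's operators stand in for the rule language's `not`, `in`, `ne`, `and` and `or`.

```python
import ipaddress

# Constructed list contents (documentation ranges). The real entries of
# $amasty and $stripe_webhook are not shown in the thread.
AMASTY = [ipaddress.ip_network("192.0.2.0/24")]
STRIPE_WEBHOOK = [ipaddress.ip_network("198.51.100.0/24")]
SINGLE_IP = ipaddress.ip_address("210.10.1.203")  # literal from the posted rule

# Constructed sample source addresses, one per case worth checking.
SAMPLES = [
    "210.10.1.203",   # the address named in the rule
    "192.0.2.10",     # inside the constructed $amasty range
    "198.51.100.7",   # inside the constructed $stripe_webhook range
    "203.0.113.50",   # in no list
    "2001:db8::1",    # IPv6 source, in no list
]


def in_list(ip, networks):
    """Model of `ip.src in $list`: true if any entry contains the address."""
    return any(ip.version == net.version and ip in net for net in networks)


def terms(src):
    """The three terms of the posted expression, in order."""
    ip = ipaddress.ip_address(src)
    return (
        not in_list(ip, AMASTY),          # not ip.src in $amasty
        not in_list(ip, STRIPE_WEBHOOK),  # not ip.src in $stripe_webhook
        ip != SINGLE_IP,                  # ip.src ne 210.10.1.203
    )


def blocks_with_and(src):
    """Terms joined with `and`, as posted: block only if all three hold."""
    return all(terms(src))


def blocks_with_or(src):
    """Terms joined with `or`: block if any one of them holds."""
    return any(terms(src))


if __name__ == "__main__":
    print(f"{'source':<16}{'and -> block':<14}{'or -> block'}")
    for src in SAMPLES:
        print(f"{src:<16}{str(blocks_with_and(src)):<14}{blocks_with_or(src)}")
```

When a firewall event shows a block, the source address recorded in that event is the value to feed into a model like this, since it is the address the rule actually evaluated.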
