Firewall Rule not Working as Expected

oneandonlyjason · March 12, 2023, 5:20pm

Maybe someone sees my Error here.
I have a Firewall Rule like this:

“(http.host eq “subdomain.example.com” and http.user_agent ne " Dart/2.18 (dart:io)”) or (http.user_agent ne “VLC/3.0.17.3 LibVLC/3.0.17.3”)"

The Action is Block.
How i Understand the Rule, Cloudflare should look if the Hostname is exactly “subdomain.example.com”. When it is it should check if the User-Agent does not equal “Dart/2.18 (dart:io)” or “VLC/3.0.17.3 LibVLC/3.0.17.3” and when this is the Case it should block. When the User Agent is one of the Both Mentioned it should allow the Request.

The Rule doesnt work. But the Bigger Problem here is that Cloudflare also Blocks the Traffic for all other Subdomains.

Someone has an Idee what my Error is?

cbrandt · March 12, 2023, 7:07pm

You’ve misplaced the OR logical operator.

Try instead http.host AND ne ua1 AND NE ua2. Firewall will only block if the 3 conditions are met, so if you use any of these two UAs, you will not be blocked.

Use OR when you have specific UAs to block.

oneandonlyjason · March 12, 2023, 9:18pm

That works, thanks!

cbrandt · March 13, 2023, 1:05pm

A post was split to a new topic: Firewall Rule to block bots from radio station

system · March 16, 2023, 1:06pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.