Firewall Rule not working for me

Hi, I added a firewall rule to block any URI that contains wp-login.php and excluded my IP address. I used a VPS to change my IP and I was able to log in from a different IP. Please, what can I do?

May I ask URI path or some other?
May I ask you to post the expression of the Firewall Rule you have created and used?
Do you have any other Firewall Rule(s)?

How about using a VPN connection, or for example putting your home ISP IP address, and then test using your mobile data (cellular, LTE, EDGE …) if you can access via your phone or do you actually get the 1020 Access Denied Cloudflare page?

The correct one which works for me (block all the requests which contain wp-login.php, even with some query parameters after it in case of a URL redirection, etc., except if the request is coming from my IP address) would look like below:

  • (http.request.uri.path contains "wp-login.php" and ip.src ne 1.2.3.4)

This is what mine looks like

Generally I use URI path and it works in all sorts of combinations with AND operators.

From your screenshot, try changing URI to URI path.

Furthermore, may I ask are you going straight to the https://www.yourdomain.com/wp-login.php or like /wp-admin/ which redirects you to wp-login.php (something)?

Just to add a note here, in between modifying your Firewall Rules, kindly wait for a few minutes for the new changes to apply and re-check if it works.

Helpful articles:

From below examples, also used URI.path and ip.src ne <ip>:

Do you also have some Page Rules or some URL Normalization setup?

I am going straight to https://www.yourdomain.com/wp-login.php

It still doesn’t work. Or is it because of the caching plugin I am using? I am using the LiteSpeed Cache plugin.

Okay, great.

That’s interesting.

And the Firewall rule is the 1st one from above in the Firewall Rules list, or?
Therefore, it’s surely being enabled right (green slide toggle)?

Example of active (enabled) Firewall Rules:

May I ask, are the A type DNS records (yourdomain.com and www) both being proxied :orange: at the DNS tab of the Cloudflare dashboard for your domain?

Okay, meaning if you set it up right, may I ask to write your domain name so I could test if I can access wp-login.php from my home country, or even using a VPN connection and post back here the results I get, if so?

Have you tried opening it in a Private Window or clearing your Web browser cache?

May I also ask, in any log file like access.log, etc., do you see your own IP address or the IP address which belongs to Cloudflare?

No, I disabled the proxy for my yourdomain.com. I was having issues using my yourdomain.com:8090 to log in to my CyberPanel, so I disabled it and I was able to use my domain to log in to my CyberPanel.

I am afraid that is expected behaviour, as Cloudflare options, including the Firewall Rules, do not apply to DNS-only :grey: hostnames.

  • applies and works only to the :orange: ones …

Furthermore, port 8090 is not supported by or compatible with Cloudflare, as stated in the article below:

You could try, if possible, to use some other port from the article above (the listed ports which are supported and compatible to work over proxied :orange: hostnames).
Can you change it somehow?

In case you could change the listening / default port somehow … there would also be a good question if it would work over HTTPS (having the valid SSL certificate?) …

If below article could help here:

Or, maybe if you could try to setup and use some kind of a Load Balancer (like Kemp - a good source video here: you need to learn Load Balancing RIGHT NOW!! (and put one in your home network!) - YouTube) so like inside your network it works over 8090, but on the outside it works over 443 or 8443 or some other from the list above?

A cite from my above statement:

HTTPS (having the valid SSL certificate?

In case you do not have and cannot issue one, you could generate and install Cloudflare CA Origin Certificate using the instructions from below article:

A helpful article and tutorial on how to properly set up SSL with Cloudflare can be read and implemented from below:

Therefore, you would have the Full (Strict) SSL connection to your CyberPanel, proxied :orange: via Cloudflare and voilà! :wink:

From my understanding, I believe you could also try to setup a sub-domain like cp.ziddah.com:port or some other, for which you can then allow only your IP as the “whitelisted” for the access, while keeping and having the “naked” domain and other sub-domains available for some other needs and applications, etc.
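An added example, not part of any post in this thread and not Cloudflare's code: it models why the rule above had no effect, by checking first whether the hostname's A records point at Cloudflare's edge, then whether the port is one Cloudflare proxies, and only then evaluating the rule. The function names, the sample addresses and the two embedded lists (Cloudflare's published IPv4 ranges and proxied ports, as documented at the time of writing) are assumptions of this example.

```python
import ipaddress

# Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips-v4) at the
# time of writing; refresh from that page before relying on this list.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]

# HTTP and HTTPS ports Cloudflare proxies; 8090 is not among them.
PROXIED_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095,
                 443, 2053, 2083, 2087, 2096, 8443}

def is_proxied(resolved_ips):
    """True only if every A record points at Cloudflare's edge (orange cloud)."""
    addrs = [ipaddress.ip_address(ip) for ip in resolved_ips]
    return bool(addrs) and all(any(a in net for net in CLOUDFLARE_V4) for a in addrs)

def rule_matches(path, src_ip, allowed_ip):
    # Mirrors: (http.request.uri.path contains "wp-login.php" and ip.src ne <allowed_ip>)
    return ("wp-login.php" in path
            and ipaddress.ip_address(src_ip) != ipaddress.ip_address(allowed_ip))

def verdict(resolved_ips, port, path, src_ip, allowed_ip):
    """Outcome for one request, given what the hostname resolves to."""
    if not is_proxied(resolved_ips):
        return "bypassed: DNS-only hostname, request goes straight to the origin"
    if port not in PROXIED_PORTS:
        return "not served: port is not one Cloudflare proxies"
    return "blocked" if rule_matches(path, src_ip, allowed_ip) else "allowed"

if __name__ == "__main__":
    # Constructed sample values: 203.0.113.10 stands in for the origin server,
    # 104.21.5.7 for a Cloudflare edge address, 198.51.100.7 for the VPS.
    for ips, port in ((["203.0.113.10"], 443), (["104.21.5.7"], 443),
                      (["104.21.5.7"], 8090)):
        print(ips, port, "->",
              verdict(ips, port, "/wp-login.php", "198.51.100.7", "1.2.3.4"))
```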

It works after turning on the proxy. I am trying to access the CyberPanel without port 8090 using the first article.
I am stuck at this step because when I enter /usr/local/lsws/conf/httpd_config.conf I get the error "path not found".

Maybe you are using Apache or Nginx as a Web server, rather than a LiteSpeed which could lead to a different path for the config / vhost file, or is being installed in a different path (hopefully not misconfigured) due to your OS, if so? - just guessing.

Maybe of a help a bit:

A post was merged into an existing topic: Firewall Rule to allow page logout for subscribers