I have created Firewall rule which blocks request if

1. Request URI full contains “test” AND
2. IP Source Address is not in {IPAddress}

where IPAddress is static IP address which is only allowed to access that URI.
This is working fine for me, I can see my IP listed which is blocked and request is also denied.
But it is not certainly not working for the users in South Africa, they are able to access.
Our main website is .co.za only and customer base is from country South Africa only.
I have confirmed with my cusotmers in SA but they are able to access even if IP is not matched.
I can also see none of the request is blocked from South Africa.

Either you have South Africa whitelisted somewhere or they are connecting directly.

What’s the domain?

Thank you for the reply, but I am sure only one static IP is whitelisted in the rule and they are definitely not accessing through that IP (I have cross checked). And they are not connecting directly as I have checked network logs/ traffic as well, surely going through Cloudflare. Domain is netflorist.co.za.

How did you check they are not connecting directly?

Can you post a screenshot of https://dash.cloudflare.com/?to=/:account/:zone/security&country=ZA&time-window=4320?

And it appears as if “test” was not blocked altogether - sitemeer.com/#https://netflorist.co.za/test

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.