I set up a rule last week to block certain countries. It was working fine last week as I was seeing all the blocks, but all of a sudden it stopped blocking a certain country and my websites log files show that this country is gaining access. Why did it stop blocking? (The country is still in my firewall rules.
Sorry… Total Newbie here.
So I deleted the country from the rules saved and added it back and its working again. Is this something that might happen often?
It was their auto configuration ( country > equals > xxx) So I don’t think that was the issue but I’ll keep watch to see if I have to re-set it again. Thank you
OK my rules keep breaking because countries I have blocked in the firewall rules keep getting into my website (I find them in the access logs on my server) they are either bypassing cloudflare or my rules keep breaking. Is there a limit to how many entries you can have in a firewall rule such as countries?
The rules should not change unless you change them. Regarding them not working, it’s possible the visitors are bypassing Cloudflare and going directly to your server. Your origin logs should show non-Cloudflare IPs hitting your server if that is the case. (Or, are the log files you referenced in your post your origin logs?)
If non cf IPs show up, I’d connect with your hosting provider and limit connections to the origin server to Cloudflare IPs only. Whitelists Cloudflare IPs and explicitly block traffic not from Cloudflare.
Good resources:
https://support.cloudflare.com/hc/en-us/articles/201897700-Whitelisting-Cloudflare-IP-addresses#7eeWigD4HkcQcEAnIwfzD3
https://support.cloudflare.com/hc/en-us/articles/200170166-Best-Practices-DDoS-preventative-measures
origin logs meaning access logs from my hosting server - yes that’s how I know what country they’re from. (because I see the non cloudflare IP) But also the cloudflare logs show a ton of that country and then all of a sudden no blocks from that country. I turn that country off / save then on again / save and then all of a sudden you see blocks to that country again. So it made it look like the rule was breaking for that particular country.
but then coming in WITH Cloudflare ip is chip35.ru which I’m assuming is from Russia which I am blocking so why is it allowed in?
This topic was automatically closed after 14 days. New replies are no longer allowed.