Firewall. rule to reject access from California? avoid CCPA

Hi there!

I’m located in Europe, and building a website with customers in the USA but not from California, so, to avoid showing the CCPA message I would like to block my website from being displayed to people accessing from California. I’m using a free Cloudflare Plan. Is that possible?

Cloudflare does not support identifying user’s location by state. You can only block by country.

1 Like

Thank you!


You can use the ip.geoip.subdivision_1_iso_code field documented here. Something like this should work:

((lower(ip.geoip.subdivision_1_iso_code) eq "us-ca") and not

(Unless that field is restricted to certain paid plan types)

It is, it requires at least a Business plan.

Plus, it won’t be too reliable anyhow. Geo-blocking based on countries often gets it wrong, but is still somewhat working. Try to do this on a state or provincial level and you could also use random values.

With a local California-only ISP it might still be accurate, but the moment you use a nation-wide provider that accuracy will be out the window - let alone mobile providers.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.