Firewall Rules - country and hostname

bart2 · February 15, 2021, 12:48am

I’m having two problems with Cloudflare’s firewall (possibly one with two examples instead).

I’m setting up firewall rule: JS challenge all traffic except country: UK. Behaviur: many UK customers gets the JS challenge.
Block all hosts except “www.domain.com” “domain.com” and “m.domain.com”. Behaviour: looks like all visitors get blocked. I had a bunch of people blocked within 2 minutes. They all seemed to be using either “www.domain.com” or “domain.com”.

Am I missing something? Is it possible that some visitors have both “hostname” and “country” values empty? That would explain cloudflare’s behaviour.

Thanks in advance.

sdayman · February 14, 2021, 9:15pm

If you need more assistance, please post a screenshot of your actual firewall rules, or the raw Expression Preview text.

bart2 · February 14, 2021, 9:42pm

Good point, everything looks good to me though.

Here’s what I see from the 2nd example (blocking by hostname).

Rule:
(http.host ne "domain.co.uk") or (http.host ne "www.domain.co.uk") or (http.host ne "m.domin.co.uk")

Here’s the screenshot of the event:

EDIT: “Host” value was just “domain.co.uk”

bart2 · February 14, 2021, 9:46pm

He’s the real MVP then.

michael · February 15, 2021, 12:47am

The logic here is wrong. The firewall rule will match any hostname, and the block will apply. Replace “or” with “and” and it should work.

bart2 · February 15, 2021, 12:47am

That’s it, thanks!

system · February 16, 2021, 12:47am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.