Firewall Rules - country and hostname

I’m having two problems with Cloudflare’s firewall (possibly one with two examples instead).

  1. I’m setting up firewall rule: JS challenge all traffic except country: UK. Behaviur: many UK customers gets the JS challenge.

  2. Block all hosts except “www.domain.com” “domain.com” and “m.domain.com”. Behaviour: looks like all visitors get blocked. I had a bunch of people blocked within 2 minutes. They all seemed to be using either “www.domain.com” or “domain.com”.

Am I missing something? Is it possible that some visitors have both “hostname” and “country” values empty? That would explain cloudflare’s behaviour.

Thanks in advance.

  1. Check your Firewall Events Log to see the details of the challenged request.

If you need more assistance, please post a screenshot of your actual firewall rules, or the raw Expression Preview text.

1 Like

Good point, everything looks good to me though.

Here’s what I see from the 2nd example (blocking by hostname).

Rule:
(http.host ne "domain.co.uk") or (http.host ne "www.domain.co.uk") or (http.host ne "m.domin.co.uk")

Here’s the screenshot of the event:

EDIT: “Host” value was just “domain.co.uk

He’s the real MVP then.

The logic here is wrong. The firewall rule will match any hostname, and the block will apply. Replace “or” with “and” and it should work.

3 Likes

That’s it, thanks!

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.