Firewall rules ignored

All firewall rules have been ignored for the past 3 hours. All transactions that I have blocked show as allowed.

We’re going to need a lot more information than that - do you have an example of a rule & and a request that should have been blocked by the aforementioned rule?


Look at the first screenshot’s Expression - your second screenshot is not the rule that allowed the first one.

Take a screenshot of your firewall rules page overall.





Rule #2 is an Allow rule. That’s the rule your event log indicates was triggered and allowed the request.

1 Like

I know the rule severity and have ranked the rules accordingly. Until 3 hours ago, all the rules were working as I set, but now all the rules are shown as allowed on the log screen.

Any User-Agent that does not contain ev-crawler will match your Allow rule.

Do you have an example of this? Your original screenshot of the activity log showed an Allow rule being Allow, which is expected.

1 Like

That doesn’t answer the question though - if all of those requests are matching Bilinen Botlar then that means that your Allow rule is using the Allow action, which is as it should be.

The issue with them matching that rule however is a misconfiguration of your rule.

Here the “or” operator is used. If there was an “and” operator, what you said would be valid.

As I wrote before, all the rules were working correctly until 3 hours ago. I didn’t make any edits. I hope the problem is solved.

If you’re certain that nothing in your rules has changed then the only selector you’re using which can change is Known Bots which can change at any time and is completely out of your control.

Expression1 and Expression2 or Expression3

This means ‘match when Expression 1 and Expression 2 are both true or when Expression 3 is true.’

Your original and block is grouped with parentheses which doesn’t change anything but makes this pretty explicit. Your entire and block is a single expression - which is not met.

Then, you have lots of or conditions and then SemrushBot would match against the
or (not http.user_agent contains "ev-crawler").

If we simplified it like this…

(1 and 2) or (not http.user_agent contains "ev-crawler")

This rule would match if 1 & 2 are both true, or if the 3rd expression is true. In this case, every User-Agent that does not contain ev-crawler would match this allow rule.

If you think my interpretation is wrong, remove the ev-crawler part from your rule and that’ll give you a guaranteed answer.

3 Likes

I deleted all the content in the known bots rule and created it as follows.

And the rule was ignored. Where did I go wrong? I was blocking the bot with this rule before.

Sorry, I should use “and” instead of “or” operator. I will post the result again. Please ignore the above message.

Finally got what I wanted. Rule 2 ignored ‘SemrushBot’ as known bot and rule 3 succeeded. I guess I should fix the bots rule more broadly. Thank you for your patience.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.