Firewall Rules vs IP Access Rule vs Zone Lockdown

Hi,

So a couple of questions…

Can anybody tell me the order it is evaluated? Which one takes precedence over the other?

Another one is…

e.g. I have a Zone Lockdown rule isolating all non-public URLs.

How can I allow an IP address to access one of those URLs that are blocked by Zone Lockdown?

  • Should I create a Firewall Rule to simply allow an IP if the hostname/url is that single Internal URL?
  • Should I create a Firewall Rule with conditions that If the IP is xx.xx.xx.xx AND hostname is equal to THAT_ONE_DESIRED_URL_TO_ACCESS, Action “Bypass Zone Lockdown”

Thanks

Can anybody tell me the order it is evaluated? Which one takes precedence over the other?

You can find a diagram illustrating the order of evaluation in the link below.

Should I create a Firewall Rule to simply allow an IP if the hostname/url is that single Internal URL?

The scope of the Allow action is limited to Firewall Rules; matching requests are not exempt from action by other Cloudflare Firewall products, such as IP Access Rules, WAF, etc.

Should I create a Firewall Rule with conditions that If the IP is xx.xx.xx.xx AND hostname is equal to THAT_ONE_DESIRED_URL_TO_ACCESS, Action “Bypass Zone Lockdown”

Yes, the above should exempt the client IP from the zone lockdown rule.

You may want to review detailed instructions on how to configure Cloudflare Firewall rules in the link below.

6 Likes
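
The rule confirmed in the reply above, sketched as an added example that is not part of the original posts and not Cloudflare's own code: it builds the "IP AND hostname" expression and pairs it with the "Bypass Zone Lockdown" action. The sample IP and hostname are constructed, the function names are hypothetical, and the payload layout (action "bypass" with products ["zoneLockdown"], submitted as one element of a JSON array to the Firewall Rules API) is an assumption to check against the current API reference.

```python
import ipaddress
import re

# Constructed sample values (documentation range / example domain), not from the thread.
SAMPLE_IP = "203.0.113.10"
SAMPLE_HOST = "internal.example.com"

# Plain DNS hostname only: quotes, spaces and operators are rejected so the
# value cannot alter the rule expression it is embedded in.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def build_expression(client, hostname):
    """Return an expression matching one client (IP or CIDR) on one hostname."""
    host = hostname.strip().lower()
    if not _HOST_RE.match(host):
        raise ValueError(f"not a plain hostname: {hostname!r}")
    # strict=True rejects a CIDR with host bits set (a common typo).
    net = ipaddress.ip_network(client, strict=True)
    if net.prefixlen == 0:
        # A catch-all source would cancel the lockdown for this hostname.
        raise ValueError("refusing to exempt every source address")
    if net.num_addresses == 1:
        src = f"ip.src eq {net.network_address}"
    else:
        src = f"ip.src in {{{net}}}"
    # Both conditions are ANDed: the exemption applies to this client on this
    # hostname only, and every other locked-down URL stays locked down.
    return f'({src} and http.host eq "{host}")'


def build_bypass_rule(client, hostname):
    """Build the rule object (assumed Firewall Rules API payload layout)."""
    return {
        "description": f"Exempt {client} from Zone Lockdown on {hostname}",
        "action": "bypass",
        "products": ["zoneLockdown"],  # bypass this one product, nothing else
        "filter": {"expression": build_expression(client, hostname)},
    }


if __name__ == "__main__":
    print(build_bypass_rule(SAMPLE_IP, SAMPLE_HOST))
```

Because the bypass is limited to Zone Lockdown, a matching request is still evaluated by the other firewall products mentioned in the reply, such as IP Access Rules and the WAF.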
