Firewall Whitelisting by Country

I noticed that the United States is whitelisted in my cloudflare firewall but I did not add that rule. Maybe it was there by default when I setup cloudflare.

Is there any point to having countries whitelisted in the firewall? Most of my traffic is in the United States with some coming from the EU and South America. If you don’t have any countries whitelisted in the firewall do you run the risk of blocking legimate traffic to the website?

By default Cloudflare allows traffic from anywhere. If the US is white listed it was done by you or by someone else with access to your account. Your audit logs may show when it was done, but that’s not something Cloudflare would have set/configured.


Makes sense. What would be the point of being able to whitelist a country then?

Hi @user2294,

It can allow you to let traffic from a particular country through any other firewall rules you may have configured. E.g. Challenge all requests from a certain user agent, but whitelist a country (generally not the best plan and there are more elegant solutions, but you get the idea!).


I stand corrected. That rule is under the “IP Access Rules” in the firewall section of cloudflare.

This topic was automatically closed after 30 days. New replies are no longer allowed.