How long before firewall rules go into effect?

I added a number of IP Access Rules under my firewall to add a challenge question for various countries on June 12th. I thought that these would go into effect immediately but that does not seem to be the case. I didn’t see any effect at all for a few days and then finally today saw in my Firewall Event Activity Log that challenge questions were being issued for just one of the countries that I put a rule in place for. This was three plus days after I created the rules and it was only for one of the countries I issued them for (there were many others). Is there normally a delay for these rules to go into effect? How long will it be before the rules for all of the countries I have added go into effect?

Firewall rules typically become active within a few seconds.

I assume they are marked as enabled, are they not? What about any prior rules which might shadow them?

If you feel comfortable sharing your rules, post screenshots of the list of rules as well as the rule in question here.

1 Like

Below is a screenshot of a portion of one of the pages of the rules I added to include a challenge question. I have no other firewall rules for my account other than additional challenge questions for various countries. I assume these are enabled, is there something else I need to do in order to enable them? I still see entries in my Google Search Console from most of the countries I added with the exception of the one that now appears to be working as I expected.

These are not firewall rules but IP access rules. What exactly did not work here? These seven countries should get fairly quickly challenged after you set up these rules.

Sandro: I indicated that they were IP Access Rules and they show up under Firewall. I added them for approximately 100 counties on June 12th. Since I added them, only one county started getting challenge questions starting June 15th. None of the other countries has even though I see many of them in my Google Search Console since I put these IP Access Rules into effect.

Google is not really relevant in this context. Do you get requests from these countries in your own server logs? If you do, they probably bypass Cloudflare altogether and connect to your server.

My webhosing is with SiteGround. I was under the impression when I signed up for Cloudflare CDN service that my website’s content would be delivered by the Cloudflare server nearest the visitor. Since the visitors I am trying to stop with the challenge question are all international visitors, wouldn’t they automatically be routed to the closest international Cloudflare server vs. one in the US? For the one country that is now successfully delivering the challenge question (France), I see them in the Cloudflare Firewall Events Activity Log and I no longer see them in my Google Search Console. So if this works for France, why doesn’t it work for other international countries? And why did is take 3 days for it to start working for France when the rules are supposed to be in effect immediately?

If they have your origin address they will always be able to connect directly, unless you configure your system firewall to block other connections (-> search for more details).

If you have these rules in place they will challenge these countries, if you still get requests it means someone solved the CAPTCHA or they connected directly.

sandro: I appreciate your quick respones.
You say configure your system firewall to block other connections. I searched for that topic but didn’t see anything, could you tell me where I can find details about doing this?

Firewall related topics are a bit beyond the scope of the forum here, for that I’d recommend StackExchange.

But first you should check your logs and establish where the connections come from.

I was referring to Cloudflare’s firewall, I now assume that you were not and instead referring to my webhosting server.
Nonetheless I am still puzzled. I created IP Access Rules for about 100 countries to have a challenge question posed when attempting to visit my site. Since I added those rules, the only country to start logging events is France (as shown in the screenshot below). And since these events started getting logged, I no longer see them in My Google Search Console. This is exactly what I was hoping would occur (only for all countries, not just France). But you say that if a visitor has my origin address they will always be able to connect directly to my webhosting server and bypass Cloudflare. Then what you are implying is that all visitors from the other ~99 countries that I have IP Access Rules for have my origin address but only visitors from France do not. I can not believe that would be possible.

No, of course your server firewall. If they bypass Cloudflare any Cloudflare setting will not do much.

Hopefully one last question. You said if visitors “have your origin address they will always be able to connect directly”. What do you mean by origin address? An IP address? I would assume most people use my domain name to get to my website. And that if people used my domain name to access my website that it would be routed through Cloudflare.

The address of your server.

For starters I’d check the server logs and make sure requests really go only via Cloudflare.

This topic was automatically closed after 14 days. New replies are no longer allowed.