How to block sanctioned sections of Ukraine?


Due to legal reasons, we need to block requests coming from the sanctioned regions of Ukraine (Crimea Donetsk and Luhansk).

How can we achieve this? As far as I see, there is a past post that mentions a solution for the Crimea region using this subdivision code:UA-43

ip.geoip.subdivision_1_iso_code eq "UA-43"

According to ISO website,

For Donetsk, we need to use: UA-14
For Luhanks, we need to use: UA-09

Did anyone tried this approach before? And any advice on how to relay this information to the application server as well? Currently Cloudflare only sends “Ukraine” as the country; not the subdivision.

That approach should work.

To send it to the origin server, use a Transform Rule that modifies request header and sets a header name of your choosing to dynamic variable ip.geoip.subdivision_1_iso_code

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.