How to Properly Allow IP Ranges Through WAF

Hi,

I would like to know how to (if possible) whitelist certain IP ranges from being blocked by CF’s WAF.

When my host’s backend developers tried HTTP GET requests via curl to our website, they got denied immediately. They then used their hosts file to attempt those same requests and had an HTTP/2 200 response vs 403.

The example IPs to whitelist:
1.2.3.4/23 1.2.3.4/22 1111:1111::/29

Is it possible to add a rule with those ranges?

Thanks and regards

If it’s actually the WAF, then you can add a Firewall Rule with those CIDR addresses, then select Bypass (WAF) for the response.

First you need to make sure you know why they were blocked. Do you see anything in the Firewall event log?

I cannot see any of the IPs being blocked. I even looked up Sucuri’s ASN and nothing is found.

SiteGround uses Sucuri to scan our site and that gets blocked sometimes.

My site IP and server IP is whitelisted too.

Is this the correct rule:

(ip.src in {1.2.3.4/23 1.2.3.4/22 1111:1111::/29})

Or is there something I am missing?

Thanks for the help!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.