IP Access Rules - ASN blocked for all websites, but added another under a specific zone to allow, which one triggers?


Recently I come a cross a situation where on one Cloudflare account there is the admin/user who blocked an AS number for all the Websites in it’s account in the IP Access Rules.

Therefore, only one domain under that same Cloudflare account needs the one specific AS number to be allowed (not blocked) - only that one domain.

I wonder, what should be triggered in terms of priority/order and respected from below picture for that zone (domain) if we added “Allow - for this website” despite the one from before “Block - all websites in account”?:

Thank you!

I always thought Allow took priority. This should be pretty easy to test by setting up similar rules for a cloud server’s ASN and trying a few curl commands from that server.

1 Like

Tested and working

Thank you :slight_smile:

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.