IP access rules have been blocked by custom rules

What is the name of the domain?

What is the error number?

403

What is the issue you’re encountering

IPs in IP access rules will be blocked sometimes

What steps have you taken to resolve the issue?

I added some IPs to the IP access rules in WAF → Tools and set them to “Allow”.
Then I also created a Custom rule to block all the traffic to my domain.
The goal is to deny all IP sources if they are not in my IP access rules.

As far as I know, when a client IP address in “IP access rules” sends a request, it should bypass all other rule checks, including “custom rules”.
The settings have worked so far, but not today.
When I use the trusted IP that I entered in my IP access rules, it is either blocked by the “custom rule” or bypassed by “IP access rules” (see attached picture).
About 1/3 or half of the resource requests are blocked (403) on my site.
But if I set the trusted IP in the custom rule, they work fine.

I know it’s recommended to use a “custom rule” if I want to block IPs from clients.
But can the “IP access rules” not bypass the custom rule anymore?
Or is there some reason causing this issue?

Was the site working with SSL prior to adding it to Cloudflare?

No

What is the current SSL/TLS setting?

Flexible

Screenshot of the error


I am having the same issue.

Started happening since 2025-02-12 approx at 10am CET.

As a temporary solution I had to modify the expression in the Custom Rules tab to exclude all IP addresses that were allowlisted.

Temporary fix:

WAF → Custom Rules:

  • Rule Expression: `(http.request.full_uri contains "subdomain.example.com") and (ip.src ne 54.xxx.xxx.xxx)`
  • Action: Block

Before the changes:

It was set up like this and working fine, allowing the IP address defined in the Tools tab to bypass Custom Rules filters:

  1. WAF → Tools:
    Value: 54.xxx.xxx.xxx | Applies to: All websites in account | Action: Allow
  2. WAF → Custom Rules:
    Action: Block
    Rule Expression: `(http.request.full_uri contains "subdomain.example.com")`
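The workaround in the post above, extended to a whole allowlist, as an added example that is not part of the original post or Cloudflare's own code: it validates each entry and emits one custom-rule expression using the Rules language inline list form `ip.src in {…}` instead of chained `ip.src ne` terms. The function name `build_block_expression` is hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress


def build_block_expression(host_fragment, allowlist):
    """Build a custom-rule expression (for action Block) that matches requests
    to host_fragment from every source NOT in allowlist."""
    # The fragment is pasted into a quoted string literal, so reject
    # characters that could terminate or escape it.
    if '"' in host_fragment or "\\" in host_fragment:
        raise ValueError("host fragment must not contain quotes or backslashes")

    nets = {4: [], 6: []}
    for entry in allowlist:
        # strict=True rejects CIDRs with host bits set (e.g. 10.0.0.5/24),
        # which usually means a typo that would allow more than intended.
        net = ipaddress.ip_network(entry.strip(), strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"{entry!r} would exempt every client from the block")
        nets[net.version].append(net)

    # Merge duplicates and adjacent ranges; collapse_addresses needs one
    # IP version per call.
    merged = []
    for version in (4, 6):
        merged.extend(ipaddress.collapse_addresses(nets[version]))
    if not merged:
        raise ValueError("empty allowlist: the rule would block every client")

    # Single hosts are written as bare addresses, ranges as CIDR.
    items = " ".join(
        str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)
        for n in merged
    )
    return (
        f'(http.request.full_uri contains "{host_fragment}") '
        f"and not ip.src in {{{items}}}"
    )


# Constructed sample allowlist (RFC 5737 documentation ranges).
SAMPLE_ALLOWLIST = [
    "198.51.100.7",
    "203.0.113.0/25",
    "203.0.113.128/25",   # adjacent to the previous entry, merges into a /24
    "198.51.100.7",       # duplicate
]

if __name__ == "__main__":
    print(build_block_expression("subdomain.example.com", SAMPLE_ALLOWLIST))
```
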

I have the same problem. I have a search engine ASN in “IP Access Rules” → Allow. And tonight Cloudflare sent a 403 to this IP. Double-checked with search engine support.