Hi
I have a website domain which I use to do testing/development on and I’d like to restrict access to only allow myself and client to have access to.
I hope I’ve done this correctly, but this is what I’ve done so far:
Created a Custom List called “list_safe_ip” and added only mine and client’s IP address.
Went to Security > WAF > Custom rules
Created a rule of “IP Source Address + is not in list + list_safe_ip = block”
However, when I try and visit the site from a different network (e.g. VPN or cellphone) I can still access the website.
Am I doing this correctly?
Am I missing a step - or is there a delay period?
If it is only your IP address, I wouldn’t bother with a list. Create a rule (ip.src ne 1.2.3.4) (where 1.2.3.4 is your IP address.) Set action to block.
This works for me.
Thanks, yes I tried that first but it doesn’t seem to work.
For example I have (ip.src ne 193.160.246.34) which I believe should mean I can only access from this IP.
But when I visit from another IP it still seems to access it.
I have exactly the same rule (different IP of course) and it works fine. Can you post a screenshot of what you have?
Thanks, here is the first
https://ibb.co/wwg05dH
and then setting
https://ibb.co/hHsHjXJ
That is the same rule spec as what I have. I have tested using a different network and was blocked. I cannot explain why it doesn’t work for you.
How bizarre.
I did the same setup rules again on a completely new website domain with a fresh WordPress install and got the same… seem to be able to visit from any/
Is there a setting which overrides or needs to be enabled for the WAF to be applied?
Is your domain even proxied? The WAF rules would obviously not work in DNS-only mode.
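Added example (not part of the thread): a Python check that reads a zone's DNS records from the Cloudflare API and flags A/AAAA/CNAME records whose `proxied` field is false, the DNS-only condition under which a WAF custom rule such as the block rule above is never evaluated. The zone ID, API token and the sample response are placeholders constructed for illustration.

```python
"""Added example: find DNS records that bypass Cloudflare's proxy (and so its WAF)."""
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records"
PROXYABLE_TYPES = {"A", "AAAA", "CNAME"}  # record types that can send web traffic via the proxy


def fetch_dns_records(zone_id, api_token):
    """Fetch a zone's DNS records (first page only). Needs a token with DNS read access."""
    req = urllib.request.Request(
        API.format(zone_id=zone_id),
        headers={"Authorization": f"Bearer {api_token}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def unproxied_records(response):
    """Return (name, type, content) for records that resolve straight to the origin."""
    if not response.get("success"):
        raise ValueError(f"API call failed: {response.get('errors')}")
    return [
        (r["name"], r["type"], r["content"])
        for r in response.get("result", [])
        if r["type"] in PROXYABLE_TYPES and not r.get("proxied", False)
    ]


# Constructed sample response (placeholder hostnames, documentation IP range).
SAMPLE = {
    "success": True,
    "errors": [],
    "result": [
        {"type": "A", "name": "dev.example.com", "content": "203.0.113.10", "proxied": False},
        {"type": "A", "name": "www.example.com", "content": "203.0.113.10", "proxied": True},
        {"type": "MX", "name": "example.com", "content": "mail.example.com", "proxied": False},
    ],
}

if __name__ == "__main__":
    for name, rtype, content in unproxied_records(SAMPLE):
        print(f"{name} ({rtype} -> {content}) is DNS-only: WAF custom rules will not apply")
```

Any hostname it reports is answered directly by the origin, so an IP allowlist for that hostname also has to be enforced at the origin or the record switched to proxied.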
OMG. I’m going to go and crawl into a corner and hide in pure embarrassment.
Took for granted that it was proxied.
Closed by system on August 24, 2023, 12:02pm. This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.