I have a website domain which I use to do testing/development on and I’d like to restrict access to only allow myself and client to have access to.
I hope I’ve done this correctly, but this is what I’ve done so far:
- Created a Custom List called “list_safe_ip” and added only mine and client’s IP address.
- Went to Security > WAF > Custom rules
- Created a rule of “IP Source Address + is not in list + list_safe_ip = block”
However when I try and visit the site from a different network (eg vpn or cellphone) I still can access the website.
Am I doing this correctly?
Am I missing a step - or is there a delay period?
If it is only your IP address, I wouldn’t bother with a list. Create a rule
(ip.src ne 22.214.171.124) (where
126.96.36.199 is your IP address.) Set action to block.
This works for me.
Thanks, yes I tried that first but doesn’t seem to work.
For example I have (ip.src ne 188.8.131.52) which believe should mean can only access from this IP.
But when I visit from another IP it still seem to access it
I have exactly the same rule (different IP of course) and it works fine. Can you post a screenshot of what you have?
Thanks, here is the first
and then setting
That is the same rule spec as what I have. I have tested using a different network and was blocked. I cannot explain why it doesn’t work for you.
I did the same setup rules again on a completely new website domain with fresh wordpress install and got the same… seem to be able to visit from any/
Is there a setting which overrides or needs to be enabled for the WAF to be applied?
Is your domain even proxied? The WAF rules would obviously not work in DNS-only mode.
OMG. I’m going to go and crawl into a corner and hide in pure embarrassment.
Took for granted that it was proxied.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.