Persistent Russian Traffic Despite Configured Firewall Rule

I have set up a firewall rule on Cloudflare to block traffic from Russia. Despite the rule being configured correctly, my Google Analytics reports still show significant traffic from Russia. It seems the firewall rule may not be functioning as expected, or there might be other factors allowing this traffic to bypass the rule.

Evidence

  1. Firewall Rule Configuration:


  2. Google Analytics Report:

Request for Assistance

I am seeking assistance in understanding why the firewall rule is not effectively blocking traffic from Russia and what additional steps I can take to ensure that this traffic is properly blocked.

Thank you for your support.

Some reasons:

  1. Geolocating is not 100% accurate. If Cloudflare and Google Analytics aren’t using the same Geo database, you’re bound to get some discrepancies.
  2. You may have a conflicting setting somewhere else that’s letting them through. Such as you didn’t turn on proxy mode, or you have a skip rules on top of this block rules.
  3. Those visits may by bypassing Cloudflare and accessing your site directly by server IP address. That’s why it’s good to firewall all connections that don’t come from IP addresses on the list at www.cloudflare.com/ips

You can go to Analytics/Traffic tab to check more information about your traffic.

Hi hollynghiem,

Thanks for your feedback. I’ve followed your recommendations, but I’m still facing issues with visits from Russia. Here are the steps I took:

  1. Geolocation: I understand that accuracy can vary, especially if Cloudflare and Google Analytics are using different Geo databases. To mitigate this, in addition to blocking Russia, I’ve also blocked the countries bordering it.
  2. Proxy Settings and Rules: I have verified and enabled proxy mode in Cloudflare. I also reviewed all the blocking rules and found no conflicting settings that might be allowing these visits through.
  3. Direct Server IP Access: To prevent visits from bypassing Cloudflare, I have blocked all direct connections to the server that do not come from the IP addresses listed on Cloudflare IP List.

Despite these measures, I still see visits coming from Russia. Could there be another configuration or approach that I am missing? Any additional advice would be greatly appreciated.

Thank you!

Pedro