Rate Limiting Rule Not Working As Expected, some are still logged

What is the name of the domain?

vopay.com

What is the issue you’re encountering

The following rate limiting rule isn't working as intended: (cf.waf.score.class eq "attack" and http.request.uri.path ne "/api/v2/vopay/update-notification" and not ip.src in {52.60.226.121 15.156.104.253}) or (cf.waf.score.class eq "likely_attack" and http.request.uri.path ne "/api/v2/vopay/update-notification" and not ip.src in {52.60.226.121 15.156.104.253})

Screenshot of the error

Sorry for the bad original post, UI issues… here is the actual info.

We also have managed rules for skip (http.request.uri.path wildcard " /api/v2/batch/eft/*") and (http.request.uri.path eq "/api/v2/vopay/update-notification"), and some Execute on Cloudflare Managed Ruleset & Cloudflare OWASP Core Ruleset.

As for the issue itself, this situation has happened a few times.

Below, Attacking IP Rate Limit Block triggered 7.22k times, but there are still 3.84k logs. Given my rule, the first 16 or so (+ CF side delay) should get logged and the rest be blocked for the next 1h. I don't understand how I misconfigured it.

This issue persists (per graph, not posted) when I have IP and path / filtered, and when I have the host/URL also filtered.

Support left me on read for 6+ weeks. I’d appreciate the community's help.

These are the rules in use.