Rule Blocking Computer Public IP in Allow List but not Smartphone after ISP change

What is the name of the domain?

staging.example.com

What is the error message?

Sorry, you have been blocked

What is the issue you’re encountering

Unable to access our ip gated website with my computer from a specific public IP address that is included in the allow list. However, a smart phone can access the ip gated website with the same public IP address. This all started after changing to a different ISP.

What steps have you taken to resolve the issue?

Cleared cache. Removed and readded IP address.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

What are the steps to reproduce the issue?

Go to the website with any computer from the public IP address and a you are blocked page is revealed. Go to the exact same website from the same public IP address on a smart phone and access is granted.

Still working through this. If you have any suggestions on how to allow the computer to access the IP gated site I am willing to give it a go. Thank you!

Check your security event log which will tell you the reason and then you can make changes to your rules as required…
https://dash.cloudflare.com/?to=/:account/:zone/security/events

1 Like

We know its a one of our rules blocking access to any IPv4 address not on the list. The list has the correct public IP address in it but the rule is only blocking computers and allowing smart phones.

Can you show a screenshot of the rule?

Here you go and thank you for taking the time to troubleshoot this :pray:

The IP that is being blocked on the computers is in the list. Other team members who’s IP addresses are in the list are able to access the staging site on their computers with out issue. This all started when I switch ISPs

Have you confirmed the IP in the WAF event? Quite possible the user is connected via IPv6 and so the WAF rule is actually firing as expected based on the actual source IP address.

1 Like

Thank you for the suggestion. I am very new to Cloudflare so I’ll see if I can find a log for these events and get back to you.

Looks like you are right. It is an IPv6 IP that is being evaluated and not the IPv4 address. I tried to add the IPv6 IP to the IP list but it will only allow IPv4 IP addresses. Do you know of a way that IPv6 address can be added to an IP allow list?

1 Like

From the screen where you enter addresses:
“IPv6 addresses must not be larger than /64.”

The documentation gives an example of what yours should look like:

https://developers.cloudflare.com/waf/tools/lists/custom-lists/#lists-with-ip-addresses-ip-lists

1 Like

Thank you very much, I just found that document as well!

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.