Security - WAF not working Free cloudflare

I am using the free version of Cloudflare. GeoBlockContinent - Block Continent is not working, also Country block is not working as well. Can anyone tell is there any reason?

Which URL and which countries have you blocked?


I block countries, Continents, and IPS nothing works.

Post a full page screenshot of that page and also a screenshot of your list of rules.

Also, post a screenshot of https://dash.cloudflare.com/?to=/:account/treasuresofmorocco.com/dns/records - you can redact the IP addresses

https://ibb.co/k5r0jRr
https://ibb.co/F06XmRf

Please check the screenshots.

Can you post screenshots of these pages?

https://ibb.co/T8qjXNj
https://ibb.co/sw87FYT

Please check

That’s not a screenshot of page rules and you should check your IP access rules, as they might white-list that.

https://ibb.co/Tc81KC5
Last one

I tried with VPN random IP its still visible to Japan and other countries which should blocked.

https://ibb.co/qMYzKwk

Its empty

Do you have any Worker scripts running? The thing is, the block works for cdn, it doesn’t work for the naked domain and www.

Also post a screenshot of https://dash.cloudflare.com/?to=/:account/treasuresofmorocco.com/security/events

https://ibb.co/n6GXyB3

I don’t have any script running. Its was work before but we moved premium to free. Now it’s not working.

These blocks are for cdn, right?

What about https://dash.cloudflare.com/?to=/:account/treasuresofmorocco.com/security/events&host=treasuresofmorocco.com?


its empty. Yes from cdn.

To recap

  • you have firewall rules configured which should block
  • these are the only active firewall rules
  • you have no page rules
  • your IP access rules do not white-list that
  • no Worker scripts deployed
  • you are configuring the right account
  • the block actually works for cdn, but not the other hostnames

Usually, some business integration may override your rules, but I don’t think this is the case either.

Maybe I am not seeing the forest for the trees, but if the configuration is as you posted, I am not sure why the block would not work.

Tagging @MVP

1 Like

Could you maybe also share screenshots of the other WAF Custom Rules, especially the ones where the action is skip?
And please upload them in the forum, like you did with your first screenshot. The others are barely readable.

Or are they here somewhere and I just missed them?

Edit: Ah, I see the skip rules are disabled, nevermind.

That might actually be it:

X-Powered-By:
WP Engine
1 Like