Simple WAF Rule not working for root only for www

I have a rule I use for all my site to block countries it works fine.
( in {“DZ” “BR” “KH” “DO” “IN” “ID” “IR” “IQ” “MY” “MM” “PH” “RU” “TH” “AE” “LK”})
But on one site it only works with WWW but not for root. I have tried adding URI but nothing works.

Any ideas of a dns setting that might cause this?


Can you share the name of that site and one where it does work?

Doesn’t work but does
Works (example)
I am using VPN to switch countries

I do not see any rules for

The rules for the two are different; this one is looking for a particular path

Sorry if the terminology is wrong , these are both Security > WAF > Security - Custom rules
Both have the same Expression
The DNS is setup a little different with having a cname for www.
If you use a VPN for one of the disallowed countries you should see the problem. I added a www to root rule on to see if it solves the issue, as putting www when VPN from a blocked country then it doesn’t redirect to root.

This site is hosted at WPEngine, which means that A and Cname for www are not to be behind a proxy.
That’s why the Rules did not work;

This also means that rules need to be configured at WPEngine not at Cloudflare.

1 Like