Simple WAF Rule not working for root only for www

I have a rule I use for all my sites to block countries; it works fine.
(ip.geoip.country in {"DZ" "BR" "KH" "DO" "IN" "ID" "IR" "IQ" "MY" "MM" "PH" "RU" "TH" "AE" "LK"})
But on one site it only works with WWW but not for root. I have tried adding URI but nothing works.

Any ideas of a DNS setting that might cause this?

Thanks

Can you share the name of that site and one where it does work?

Doesn’t work bensonpercival.com but does www.bensonpercival.com
Works (example) susanstewart.ca
I am using VPN to switch countries

I do not see any rules for susanstewart.ca.

The rules for the two are different; this one bensonpercival.com is looking for a particular path bensonpercival.com/example

Sorry if the terminology is wrong, these are both Security > WAF > Security - Custom rules
Both have the same Expression
The DNS is set up a little differently, with bensonpercival.com having a CNAME for www.
If you use a VPN for one of the disallowed countries you should see the problem. I added a www to root rule on bensonpercival.com to see if it solves the issue, as putting www when VPN from a blocked country then it doesn’t redirect to root.

This site is hosted at WPEngine, which means that A and CNAME for www are not to be behind a proxy.
That’s why the Rules did not work.

This also means that rules need to be configured at WPEngine, not at Cloudflare.
