Subdomain Firewall Rules Not Working

Hello there, I’m working on a domain and added a subdomain to it, which is sub.example.com.
I would like to allow only one IP address to access this sub.example.com (actually a GET request) and added the rule as below:
(http.host eq "sub.example.com" and ip.src ne {{ip_for_whitelist}})

I have gone through other posts like this and set the rule to “BLOCK”, but it still doesn’t work. Did I miss anything?
Thanks in advance!

That rule looks fine to me. I was thinking about the DNS record for sub.example.com, is it “orange-clouded”? (Proxy status: Proxied)

Not really. Since I’m afraid it will affect my certbot (SSL stuff), I didn’t turn this Proxy on for this subdomain, but should I? :thinking:

That’s up to you, but it explains why the firewall rule isn’t working :smiley: When the record is configured with Proxy status “DNS only” (grey-clouded), the requests go straight to your server without passing through Cloudflare (apart from the DNS). So Cloudflare can’t apply things like firewall rules in that case.

Thanks for that! I had it turned on and things are working, will keep an eye on it.
