Traffic is still passing even though WAF rules are enabled

Hello everyone!

I have set a custom WAF rule that blocks ASNs:

(ip.geoip.asnum in {63510 55699 8075 142393 16276 135377 3223 6724 7203 7979 9009 18450 20473 23033 30083 30633 31103 32475 36024 37153 40244 43350 53755 55286 60781 61157 24940 28753 31103 51167 61157 37963 396982 213230 42831 206092 13213 137409 42708 62240 51765 43894 31898 22652 140799 209638 45903 135942 20940 133752 47188 132203 40065 394996 6939 49367 212238 136065 203020 64080 39486 205659 36352 203999 202044 207743 50495 210906 133944 205964 46516 202496 21769 55081 50304 396356 50835 2914 46573 62874 64286 329225 6718 264617 34081 13332 197706 44144 397086 14061 206070 328867 24940 397630 54252 40156 197450 44477 197540 51082 44901 63949 })

Action for the above rule is set to block.

However, the traffic is still passing for specific ASNs:

Am I missing something?

Thank you in advance.

If you switch to the past 30 minutes, do the numbers lower a bit or not? :thinking:

How long have you had this Firewall Rule active, if it's enabled? :thinking:

Is it the only rule you’ve got?

Anything added via IP Access Rules so far?

Are the DNS records proxied and :orange: ?


The rules are several months old. When I check with 30m (live) it keeps increasing; the reason is that at that point I'm getting the attack.

No, there are multiple before it, to allowlist certain IPs from IP lists.
WAF looks like this:

Yes, only server IPs.

Yes

Hi @iRakic

Looking at the setup, this rule is set to give a managed challenge, so not all visitors will be blocked.

Did you change the action from block to managed challenge?


I recently changed to the managed challenge.
When I switched to a Business plan everything started working properly and faster.
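
An added example, not part of the original thread and not Cloudflare's own tooling: a small audit over an exported custom-rules ruleset that reports, for each rule matching on `ip.geoip.asnum`, its configured action, whether it actually hard-blocks, duplicate ASNs in the set, and which skip (allowlist) rules are evaluated before it. The ruleset below is a constructed sample; the rule descriptions and the `$office_ips` list name are assumptions.

```python
import re

# Constructed sample shaped like a Cloudflare custom-rules ruleset
# (phase http_request_firewall_custom). Descriptions and list name are made up.
SAMPLE_RULESET = {
    "phase": "http_request_firewall_custom",
    "rules": [
        {"description": "allowlist office IPs", "action": "skip", "enabled": True,
         "expression": "(ip.src in $office_ips)"},
        {"description": "bad ASNs", "action": "managed_challenge", "enabled": True,
         "expression": "(ip.geoip.asnum in {63510 55699 24940 8075 24940 })"},
    ],
}

# Captures the ASN set of an "ip.geoip.asnum in {...}" clause.
ASN_SET = re.compile(r"ip\.geoip\.asnum\s+in\s+\{([^}]*)\}")


def audit_asn_rules(ruleset):
    """Return one finding per rule that matches on ip.geoip.asnum."""
    findings = []
    earlier_skips = []  # enabled skip rules evaluated before the current rule
    for position, rule in enumerate(ruleset["rules"], start=1):
        enabled = rule.get("enabled", True)
        match = ASN_SET.search(rule["expression"])
        if match:
            asns = [int(tok) for tok in match.group(1).split()]
            findings.append({
                "position": position,
                "description": rule.get("description", ""),
                "action": rule["action"],
                "enabled": enabled,
                # Only "block" denies every matching request; a challenge
                # still admits visitors who pass it.
                "hard_block": enabled and rule["action"] == "block",
                "duplicate_asns": sorted({a for a in asns if asns.count(a) > 1}),
                "earlier_skip_rules": list(earlier_skips),
            })
        if enabled and rule["action"] == "skip":
            earlier_skips.append(rule.get("description", ""))
    return findings


if __name__ == "__main__":
    for finding in audit_asn_rules(SAMPLE_RULESET):
        print(finding)
```
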
