Unable to Whitelist IP

I’m trying to unblock an IP address which is blocked by another firewall rule, but no matter what I’ve tried, it is still blocked. So far I have:

  1. Added an “Allow” rule to the “IP Access Rules” in “Security > WAF > Tools”.
  2. Added an “Allow” firewall rule under “Security > WAF > Firewall Rules”.
  • This rule is above the “Block” rule in drag-and-drop ordering.
  1. I’ve checked numerous Ray IDs for the blocking, and it’s always the same firewall rule.

I’ve searched through at least a dozen other community posts and have not found any solutions. Some of the older ones mention a difference between WAF and Firewall Rules, but, unless I’m mistaken, I’m under the impression that those are the same thing now? I don’t think a Bypass rule would help, because every event shows the same firewall rule as the only reason for the block. I’m banging my head here and can’t think of anything else to try.

Screenshots:
Discourse won’t let me embed more than one image, so I’m linking them instead. And apparently I can’t put more than 4 links in a new post, so I’ll attach additional ones in a reply.

Example block event:
Note: this event occurred while both of the other “allow” rules were enabled.
Screenshot

Firewall Rule Ordering:
Allow rule location
Block rule location

Allow rule:
Allow rule details

[Block rule and IP Access List rule in reply below]

Is there something obvious I’m missing here? I’m I misunderstanding how all of these rules work?

Additional screenshots that Discourse wouldn’t let me include above:

Block rule:
Block rule details

Allow via IP Access Rules:
IP Access Rules list

Without using any Firewall Rules, you could achieve this by blocking the ASN in IP Access Rules for your website. Therefore, allow only one specific IP from that ASN for your website.
Allow should took the priority.

Might be your Firewall Rules order list is not good, so 1st rule is always blocking and request never passes to the 2nd rule which allows it, or vice-versa.

If using Firewall Rules, you could have a combination like:

  • if request is not from the IP 123.123.123.123 and ASN is 12345, method block

From your screenshot, you allow the IP at IP Access Rules, but the Firewall Rule (block ASN) is blocking it later.

Ah, blocking the ASN via IP Access Rules is a good idea, I might try that.

However, I think the rules are working now, even though I haven’t changed anything since my post yesterday. The person who was being blocked contacted me this morning and said they cleared their cookies and now they can access the site. This seems very strange to me, is it normal for cookies to be a factor in “caching” a block, even though the firewall has no rules which block based on cookies?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.