Using Firewall to block resources on fake domain

Website, Application, Performance Security
1

Hey Team,

Firewall seems to provide a feature to block request via Referer but it doesn’t seem to be working.
Original domain: https://coinswitch.co
Fake domain: http://coinswitch.site/

Firewall rule:

45%20AM
45%20AM1980×1062 128 KB

I would like to disable block all calls to (coinswitch .co) domain where its originating from coinswitch.site. It would be of great help if you can help me validate:

  1. Is Firewall referere meant to block such cases? If yes, any help in cofiguration would be highly appreciated.
  2. Is there any other way to block such cases
2
  1. Yes, this is a pretty good use case
  2. Only thing I can think of is a Workers script, but that would be pretty expensive.

Looks like it works, the CSS on the fake site is broke and all requests to the main site’s files 403:

image
image.png1410×374 33.6 KB

3

It’s intermittent. Behavior is little unpredictable, sometimes it blocks the requests but not always.

We use Cloudflare for caching our static resources as well. I have observed requests being served from cache multiple times. I am not sure if resources are cached then firewall rules are skipped or some bug is there on Cloudflare end.

==> 1. Only thing I can think of is a Workers script, but that would be pretty expensive.
Would be of great help if you can elaborate on this, any relevant article would help.

4

Fake domain is again functional now: http://coinswitch.site/

Somehow Cloudflare is not blocking static resources now. There is no change from our side.

5

It’s your cache. It doesn’t work for me.

6

Behavior is unpredictable. I have tested it on two system in parallel in incognito mode, its getting loaded on one but not on other.

Seems to be Cloudflare issue so far. Please let me know if you have any suggestion for validation.

7

This topic was automatically closed after 30 days. New replies are no longer allowed.