[WAF] A firewall rule is applied that does not exist

Cloudflare is blocking access to the site based on a firewall rule that has been deactivated for a long time. How to fix this situation? Blocking occurs according to AS12389, but this condition has long been excluded from the settings of this firewall rule.

5.141.194.18
AS12389 ROSTELECOM-AS
48ebbf67f3c94b84bb48eb42c5f76e0f

Screens:
http://joxi.ru/zANoKMYhxLaqLr
http://joxi.ru/MAjavdotZ3Byl2

That’s interesting, it looks like you’ve been migrated to the new Custom Rules, but your WAF tab still shows Firewall Rules.

If you try logging out and back in, does it still show “Firewall Rules”? It might just be you need to get it to do a hard refresh/really unlucky timing, and then disable the new Custom Rule.

It may take up to a few minutes for the disable to happen as well, I’m not sure what you consider a long time, the data on the rule looks recent.

Thank you for the reply. I deleted all WAF rules for the domain artsgallery.pro.
Screen: Joxi (646 kb) uploaded 13 June 2023
Still it is being blocked by Cloudflare on my mobile for an unknown reason, showing even the deleted WAF rule in the Events log:
Joxi (605 kb) uploaded 13 June 2023
Please advise.

Did not find the solution. I am going to delete and add the domain again. It seems that the owners of the service do not look into the discussion of the problems of their service at all.

Deleting and re-adding a domain won’t solve the problem.

In my case the problem is solved by re-adding the domain. Support on free accounts is on the -80 level. Very strange business model. If there is no support on a free account, then who will believe that it will be better on a paid one?!

The problem is back. The long-deleted firewall rule (WAF) for the domain continues to block access to the site. Disgusting quality of technical support and Cloudflare service. We urgently need competitors.

@mcorreia, any idea why different rule engines work here at the same time - @Chaika’s summary is accurate

@ivangorshkov, I’d also recommend to open a ticket at https://dash.cloudflare.com/?to=/:account/support under this category and post the ticket number here?


Thank you for the reply. I am on a free account. I do not have an option to submit a ticket. Screen:
http://joxi.ru/D2PoagYh1Z79Vm

I logged out and then logged in many times. It is already 3-4 weeks since I deleted the rule in firewall. It is still working as I showed before (screenshots).

I will escalate the issue. With the weekend, I wouldn’t expect a response from support before next week however.

Could you try to whitelist AS12389 at https://dash.cloudflare.com/?to=/:account/:zone/security/waf/tools as a workaround?

1 Like

I made these settings: Joxi (510 kb) uploaded 16 June 2023
The site is reachable from this ASN at the moment.
Please inform the company about the situation.
Thank you for the solution!

That’s correct, glad it’s working.

I’ve escalated the issue already, but I am afraid I can’t tell you how quickly they might look at it. Might be soon, might be next week.

2 Likes

Hello, we are sorry for the issues you have been experiencing. I have created ticket # 2834448 which I am currently working on. I will have an update for you at the end of my shift. We appreciate your patience regarding this matter.

3 Likes

I have gone ahead and created an internal ticket with our team to work on this issue, as this is not expected behavior. If you want further updates you can check the ticket 2834448 as that will always be the most current source of information. If you need anything else let us know in the ticket. As soon as we have any information we will let you know. Thank you for your patience.

3 Likes

@sandro Old rules are probably still active but not visible in the dashboard. I came across this issue before once, where I had to manually enable an entitlement in the zone to then be able to disable the rule through the API before disabling the entitlement again.
I see @eportillo already created a ticket and raised it internally, so let’s see how this goes. Either way it’s always better for it to be escalated like this so our team can analyze it deeper and see if there is a flaw in our migration or something like that that can be affecting other users that are not even realizing it.

1 Like

Thanks for getting back.

Right, I did assume that it would be an issue with the rules engine.

Yes, @eportillo had opened a ticket after I escalated it. I hope Cloudflare can quickly apply a fix as @ivangorshkov has had that issue for quite some time already.

2 Likes

@ivangorshkov Our team has applied a fix. You are now able to see the custom rules that were triggering. So please at your earliest convenience delete them or disable them.

Let me know if you are still experiencing any issues.

3 Likes

I found the Custom Rules section and deleted old rules. The problem is solved.

1 Like
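One way to check which rule engine owns a rule that keeps firing, as in the situation discussed in this thread (an added example, not part of the thread and not Cloudflare's code): it compares the rule ids seen in security events against the rules listed by the legacy Firewall Rules engine and by Custom Rules. The sample payloads are constructed, their field names are assumptions modelled on Cloudflare's API responses, and `index_rules` and `audit` are hypothetical helper names.

```python
# Constructed sample data, not taken from the thread. Field names are assumptions
# modelled on Cloudflare's legacy Firewall Rules and Rulesets API responses.
LEGACY = {"result": [
    {"id": "legacy-001", "paused": True, "action": "block",
     "filter": {"expression": "(ip.geoip.asnum eq 12389)"}}]}
CUSTOM = {"result": {"phase": "http_request_firewall_custom", "rules": [
    {"id": "custom-aaa", "enabled": True, "action": "block",
     "expression": "(ip.geoip.asnum eq 12389)"}]}}
EVENTS = [  # constructed security events: rule id that acted, and the client ASN
    {"ruleId": "custom-aaa", "action": "block", "clientAsn": "12389"},
    {"ruleId": "custom-aaa", "action": "block", "clientAsn": "12389"},
    {"ruleId": "legacy-001", "action": "block", "clientAsn": "12389"},
    {"ruleId": "ghost-zzz", "action": "block", "clientAsn": "12389"},
    {"ruleId": "custom-aaa", "action": "log", "clientAsn": "64500"},
]
BLOCKING = {"block", "challenge", "js_challenge", "managed_challenge"}

def index_rules(legacy_resp, custom_resp):
    """Map rule id -> (engine, active, expression) across both rule engines."""
    rules = {}
    for r in legacy_resp.get("result") or []:
        expr = (r.get("filter") or {}).get("expression", "")
        rules[r["id"]] = ("firewall-rules", not r.get("paused", False), expr)
    for r in (custom_resp.get("result") or {}).get("rules") or []:
        rules[r["id"]] = ("custom-rules", r.get("enabled", True), r.get("expression", ""))
    return rules

def audit(events, rules):
    """Group blocking events by rule id and report where that rule is listed."""
    report = {}
    for ev in events:
        if ev.get("action") not in BLOCKING:
            continue
        rid = ev.get("ruleId", "")
        engine, active, expr = rules.get(rid, (None, None, ""))
        if engine is None:
            status = "firing but absent from both listings"
        elif active:
            status = "enabled in " + engine
        else:
            status = "firing although disabled in " + engine
        row = report.setdefault(rid, {"status": status, "expression": expr,
                                      "hits": 0, "asns": set()})
        row["hits"] += 1
        row["asns"].add(ev.get("clientAsn"))
    return report

if __name__ == "__main__":
    for rid, row in audit(EVENTS, index_rules(LEGACY, CUSTOM)).items():
        print(rid, row["status"], row["hits"], sorted(row["asns"]), row["expression"])
```

A rule id that fires while disabled, or that appears in neither listing, is the case to raise with support, since it cannot be removed from the dashboard.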