Waf block wp-login.php and others

how i can block waf on cf wp-login.php" or “xmlrpc.php” or “admin-ajax.php” or “wp-admin” for all countries except for one specific country ? thanks you

You should be able to do that via WAF rules.
Something like the following should give you an idea:

thanks you, but that way i have ti put all countries , any way to block all countries trying to access to wp-admin , except one specific ?thanks you

sorry my mistake, you image block for all countries /wp-admin except afghanistan ?

Yes - the first image I uploaded I was wrong but the latest one is correct.

One thing we have noticed recently is the that “Contains” rule appears to be case-sensitive, which isn’t great if you’re trying to block access.

If you can provide the absolute URI (perhaps with wildcarding if needed) you might be better using an Equals rule rather than Contains.
I was very surprised to find that Contains was case sensitive (we found it when a rule stopped working for us when a link had different casing) so have a play around with the different options available and see what works for you.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.