What is the name of the domain?
What is the issue you’re encountering
Traffic not blocked
What steps have you taken to resolve the issue?
I created a custom WAF rule :
Condition : (http.host eq “v1.ec-gabriel.fr”)
Action : block and return “Default Cloudflare WAF block page”
Using trace I can see the rule is matched :
Expression: Hostname / Action:block
But when using my browser on desktop or mobile or wifi or 5G. I’m allowed to access the host.
Attached is screen of cloudflare trace result VS curl.
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full
What are the steps to reproduce the issue?
Browse v1.ec-gabriel.fr, you should be blocked.