WAF Custom Rule Not Blocking IPs

Answer these questions to help the Community help you with Security questions.

What is the domain name?

http://www.affordablecasket.org

Have you searched for an answer?
Yes

Please share your search results url:

https://community.cloudflare.com/search?expanded=true&q=custom%20rule%20not%20working

When you tested your domain, what were the results?
I could see the site, it should be blocked

Describe the issue you are having:
I used this rule: `(ip.geoip.country ne "US")`

When I deploy it on www.cremationsocietywa.com it works, but on any other site it does not work, such as www.affordablecasket.org or www.cremation.plus, they both have the same rule. I am using Proton VPN from Ireland, France, England, Brazil, etc. and none are blocked.

What error message or number are you receiving?
None

What steps have you taken to resolve the issue?

  1. Cleared CF cache
  2. Cleared browser cache and rebooted server
  3. Made sure the sites do not have any caching plugins

Was the site working with SSL prior to adding it to Cloudflare?
Yes

What are the steps to reproduce the error:

  1. Go to www.cremationsocietywa.com from a non-US IP address (it's blocked)
  2. Do the same with www.affordablecasket.org (same rule, not blocked)
  3. Note the difference

Have you tried from another browser and/or incognito mode?
Yes

Please attach a screenshot of the error:

That is because this site is proxied by Cloudflare.

These sites are not proxied by Cloudflare, so there is no way that rules could take effect. Switch the DNS records from DNS-only to proxied.

1 Like

Proxying them causes a "redirected you too many times" error, even after clearing cache.

That is usually caused by your SSL/TLS Mode being “Flexible” when it should be “Full (Strict)”. You can find this setting in the Cloudflare dashboard, within your website, under SSL/TLS → Overview, or via this magic link: https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls. Set it to “Full (Strict)”, re-proxy the site, wait for DNS Propagation, and then check if you still get the error. You’ll need to ensure this is set properly for both of the sites.

Other potential causes: ERR_TOO_MANY_REDIRECTS · Cloudflare SSL/TLS docs

3 Likes
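Why a proxied site in "Flexible" mode can loop while "Full (Strict)" does not, as an added example that is not part of the replies above and not Cloudflare's code. It is a constructed model that assumes the origin redirects every plain-HTTP request to HTTPS; the host `www.example.test` and all function names are hypothetical.

```python
# Constructed model, not Cloudflare code: an origin that forces HTTPS
# (assumption) sitting behind a proxy in a given SSL/TLS mode.
MAX_REDIRECTS = 20  # a browser gives up after a bounded number of hops


def origin(scheme, host, path):
    """Origin web server that redirects every plain-HTTP request to HTTPS."""
    if scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None


def edge(client_url, mode):
    """Proxy hop: choose the scheme used toward the origin from the mode."""
    scheme, rest = client_url.split("://", 1)
    host, _, path = rest.partition("/")
    path = "/" + path
    # flexible: always plain HTTP to the origin, whatever the visitor used.
    # strict:   same scheme as the visitor, so HTTPS stays HTTPS.
    origin_scheme = "http" if mode == "flexible" else scheme
    return origin(origin_scheme, host, path)


def browse(url, mode):
    """Follow redirects like a browser; return (outcome, redirects_followed)."""
    for hops in range(MAX_REDIRECTS + 1):
        status, location = edge(url, mode)
        if status == 200:
            return "ok", hops
        url = location  # the visitor retries over HTTPS ...
    # ... but in flexible mode the origin still sees HTTP and redirects again.
    return "ERR_TOO_MANY_REDIRECTS", hops


if __name__ == "__main__":
    for mode in ("flexible", "strict"):
        print(mode, browse("http://www.example.test/", mode))
```
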

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.