What is the name of the domain?
serviceme.pl
What is the issue you’re encountering
WAF Custom Rules doesn’t work
What steps have you taken to resolve the issue?
Hey everyone,
I’m running into a weird issue where none of my WAF custom rules are triggering, even though everything seems to be configured correctly.
Proxy is active (cf-ray, server: cloudflare present in responses).
Under Attack Mode is disabled
Rules are enabled, set to First in order, and use conditions like:
URI Path starts with “/”
Action: Block
I tried creating a test rule like:
Field: URI Path
Operator: starts with
Value: /
Action: Block
And then issued a request:
curl -I https://serviceme.pl/
HTTP/2 200
server: cloudflare
x-powered-by: Nuxt
Also tested:
curl -I --resolve serviceme.pl:443:162.159.140.98 https://serviceme.pl
Result: same thing — request hits Cloudflare, but WAF rule is ignored.
There are no Firewall Events logged at all, even when explicitly trying to trigger them.
What I’ve double-checked:
No Page Rules that override security
No Access Rules, Workers, or firewall exceptions
DNS setup is correct (A/AAAA records proxied)
Rule is active and properly formed
Has anyone seen this before?
Is it possible that WAF engine isn’t actually active for my zone even though it appears to be?
Would appreciate any insight — thanks in advance 
What are the steps to reproduce the issue?
Visit serviceme.pl and page is accesible
