WAF Firewall rule Error message CIDR Ranges

Getting Started
#1

This is obviously going to be a simple question for someone here…but I’m trying to setup a Firewall rule in our cloudflare WAF to block a range example 111.111.111.0/24 when I type this in I get the following message.

“CIDR ranges can only be used with ‘in’ operators” when I use the in operator I cannot do a test on the entry

Can someone advise what the correct operator and syntax I should be using I’ve looked through the support pages and can’t seem to find an example I require.
Thanks in advance

#2

Something like this?

Screen Shot 2021-02-18 at 3.54.55 PM
Screen Shot 2021-02-18 at 3.54.55 PM2196×1144 156 KB

1 Like
#3

I’ll give that a try but when I did this and tried to test it Cloudflare reported cannot test “is in” or something to that effect, I’ll give it another go, thanks for being so quick in replying.

#4

Yes I get the following error when I try to test the rule

image
image1257×216 7.29 KB

#5

That’s normal. The rule is valid, but they can’t spoof IP address in tests.

#6

Cheers that great to know I was going round in circles thinking I had something wrong Big Thanks

Pearl

1 Like
#7

More a limitation of the system we don’t have a good way to test that rule against the way data is collected/ stored. In this instance we can’t easily compute the CIDR range and evaluate it against previous data… I assume because we don’t use that as a meaningful key and so we :man_shrugging: and assume / hope you have the right range going forward. Data aggregation is hard… we’re getting better at it.

1 Like
#8

As I run “Test” on my rules, it does appear that it’s looking through past data…and not finding enough to analyze. I had thought it would simulate a request to actually Test it. Not evaluate past traffic through it.

#9

We try to use past data as the ‘how often would this trigger’ not would this trigger. Would a CIDR range trigger? Sure… what % of traffic would it impact based on the last 30 days?

1 Like
#10

That certainly makes a lot more sense than what I was thinking.

#11

Puh-lease… some of our decisions/ tools seem random to me and I work here… But testing %random% criteria against past traffic?

1 Like
#12

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.