WAF Firewall rule Error message CIDR Ranges

This is obviously going to be a simple question for someone here…but I’m trying to set up a Firewall rule in our Cloudflare WAF to block a range, for example 111.111.111.0/24. When I type this in I get the following message:

“CIDR ranges can only be used with ‘in’ operators”. When I use the in operator I cannot do a test on the entry.

Can someone advise what the correct operator and syntax are that I should be using? I’ve looked through the support pages and can’t seem to find the example I require.
Thanks in advance.

Something like this?

I’ll give that a try, but when I did this and tried to test it, Cloudflare reported cannot test “is in” or something to that effect. I’ll give it another go. Thanks for being so quick in replying.

Yes, I get the following error when I try to test the rule:

That’s normal. The rule is valid, but they can’t spoof an IP address in tests.

Cheers, that’s great to know. I was going round in circles thinking I had something wrong. Big thanks.

Pearl

More a limitation of the system: we don’t have a good way to test that rule against the way data is collected/stored. In this instance we can’t easily compute the CIDR range and evaluate it against previous data… I assume because we don’t use that as a meaningful key and so we :man_shrugging: and assume/hope you have the right range going forward. Data aggregation is hard… we’re getting better at it.
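
Since the dashboard test cannot confirm that a CIDR range is the right one, the range can be checked locally before the rule is deployed. This is an added example, not part of the original thread: it uses Cloudflare's `ip.src in {…}` rule syntax with the 111.111.111.0/24 range from the question, and the function names and sample client addresses are constructed for illustration.

```python
import ipaddress


def parse_ranges(entries):
    """Validate CIDR entries and merge overlapping or adjacent ones."""
    # strict=True rejects a range with host bits set, e.g. 111.111.111.5/24,
    # which usually means the prefix length or base address was mistyped.
    nets = [ipaddress.ip_network(e.strip(), strict=True) for e in entries]
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        merged += ipaddress.collapse_addresses(
            n for n in nets if n.version == version
        )
    return merged


def build_expression(nets):
    """Render the networks as a rule expression using the 'in' operator."""
    items = [
        str(n.network_address) if n.num_addresses == 1 else str(n)
        for n in nets
    ]
    return "(ip.src in {%s})" % " ".join(items)


def would_match(nets, client_ip):
    """Return True if client_ip falls inside any of the networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in n for n in nets)


if __name__ == "__main__":
    # Range from the question; the client addresses below are constructed.
    nets = parse_ranges(["111.111.111.0/24"])
    print(build_expression(nets))
    for ip in ["111.111.111.1", "111.111.111.255", "111.111.112.1"]:
        print(ip, "blocked" if would_match(nets, ip) else "not matched")
```
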

As I run “Test” on my rules, it does appear that it’s looking through past data…and not finding enough to analyze. I had thought it would simulate a request to actually Test it. Not evaluate past traffic through it.

We try to use past data as the ‘how often would this trigger’, not ‘would this trigger’. Would a CIDR range trigger? Sure… what % of traffic would it impact based on the last 30 days?

That certainly makes a lot more sense than what I was thinking.

Puh-lease… some of our decisions/tools seem random to me and I work here… But testing %random% criteria against past traffic?