We have a vendor that uses EWS to send email traffic through our on-premise Exchange, using a domain account provided by us. When we implemented WAF a couple weeks ago, all traffic stopped. Turning of the proxy for Exchange allowed the traffic to pass again, but we have had to open up port 443 to the world, to keep Exchange working. Anyone else seen that and have suggestions? Thanks.
When Cloudflare blocks traffic, it will appear in the Firewall Events Activity Log. As it’s a Subdomain, it should be pretty easy to filter the results for that.
Once you find a match to the event, click on it and it will tell you which setting blocked the access. Post a screenshot of that if you need further assistance. Blacked out sensitive info, if necessary.