I have a rule in place yesterday “(ip.geoip.country ne “US”) or (ip.geoip.country ne “BR”)” This morning I went to my site and it was blocked. I checked my IP address and confirmed it was correct. However I was being blocked when I have a rule that if not US or BR then block.
Why was my BR IP being blocked? Is there something I am not understanding. In the meantime I changed to managed response.
Check the Firewall Activity Log and it’ll show you what country it’s associating with your IP.
In the event it’s wrong, follow https://support.cloudflare.com/hc/en-us/articles/200168236-Configuring-Cloudflare-IP-Geolocation#12345683
Check MaxMind’s GeoIP database and if it’s correct there but incorrect in Cloudflare, open a support ticket (or post here).
Good point. Yes, it shows that rule blocking and my ASN is AS18881 TELEFONICA BRASIL S.A
Maxmind is correct because I use that in other software and knows I am in BR. Thanks will report.
I think your issue is probably that you’re using or rather than and in your rule.
If you are not in the US OR you are not in Brazil, block - you are not in the US, so as far as I’m aware, you will be blocked under that first condition.
Change it to (ip.geoip.country ne "US") and (ip.geopip.country ne "BR")
As an example, if your country code is GB then that rule should match on…
GB is not US
GB is not BR
However, since yours is BR…
BR is not US
BR is BR
Since you match the ip.geoip.country ne "US" branch, you would be blocked.
Using and, it’d be more like…
GB does not equal US and GB does not equal BR → block
BR does not equal US and BR does equal BR → allow
BR is allowed since it didn’t match both conditions to be blocked, and so would US.
This is why it’s better to use “is in” or “is not in” when doing multiple checks on the same field.
(not ip.geoip.country in {"US" "BR"})
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.