WAF is ignoring my rule

Hello,

I have the following DNS configuration:

As you can see, I have set the subdomain api.clipperfy.com to redirect to 4 possible NS

And in Security → WAF, if I simply add a rule to block ALL the requests to api.clipperfy.com, it's simply ignored, and it continues to allow traffic to that domain.

Is there a way to set up a WAF configuration to restrict the traffic to the subdomain api.clipperfy.com that redirects to 4 possible NS?

You have delegated the nameservers for api.clipperfy.com to AWS, and those nameservers point api.clipperfy.com to AWS. Therefore traffic for api.clipperfy.com does not pass through Cloudflare so the WAF rules can’t do anything.
https://cf.sjr.org.uk/tools/check?279c430c4a444c9283b7a5b2d7e87f48#dns

You would need to remove the nameserver delegation and have api as a proxied A record in the Cloudflare DNS for the WAF to see that traffic.

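A quick way to verify the point made above (whether a hostname's traffic actually reaches Cloudflare's proxy, so that the WAF can see it) is to check whether its A records fall inside Cloudflare's published edge ranges; a hostname whose records point straight at an origin IP is bypassing the WAF. This is an added example, not code from the thread or from Cloudflare; the range list is a snapshot of the published list and must be refreshed from it, and api.clipperfy.com is only used because it is the hostname under discussion.

```python
import ipaddress
import socket
import sys

# Snapshot of Cloudflare's published IPv4 edge ranges (https://www.cloudflare.com/ips-v4).
# Refresh from that URL before relying on the result; the list changes over time.
CLOUDFLARE_IPV4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare_ip(ip: str) -> bool:
    """True if the address lies inside one of the Cloudflare edge ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_IPV4)


def classify(ips) -> str:
    """Classify a hostname's A records.

    'proxied'    -> every record is a Cloudflare edge IP (WAF rules apply)
    'bypass'     -> no record is a Cloudflare edge IP (WAF never sees the traffic)
    'mixed'      -> some of each; clients may or may not hit the WAF
    'unresolved' -> no A records at all
    """
    flags = {is_cloudflare_ip(ip) for ip in ips}
    if not flags:
        return "unresolved"
    if flags == {True}:
        return "proxied"
    if flags == {False}:
        return "bypass"
    return "mixed"


def check_host(hostname: str):
    """Live lookup via the system resolver (needs network); returns (verdict, ips)."""
    try:
        _, _, ips = socket.gethostbyname_ex(hostname)
    except socket.gaierror:
        ips = []
    return classify(ips), ips


if __name__ == "__main__":
    for host in sys.argv[1:] or ["api.clipperfy.com"]:
        verdict, ips = check_host(host)
        print(f"{host}: {verdict} ({', '.join(ips) or 'no A records'})")
```

A "bypass" verdict on a hostname you expected to be protected is the symptom described in this thread: a delegated or unproxied record means the WAF rule has nothing to act on.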

I understand. I've just removed all the nameservers pointing to different AWS NS, and instead added a new A record so that the api subdomain redirects to the EC2 IP directly without going through AWS NS.

On EC2, I have an NGINX server redirecting incoming traffic to a SpringBoot service running on port 8443. However, after making the change you mentioned of replacing the NS with an A record, I'm getting a "TOO MANY REDIRECTS" error when trying to access the api* subdomain.

Did I make a mistake by adding just a single A record redirecting to the fixed public IP of EC2?

Set your SSL/TLS settings to “Full (strict)” here…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls


Thank you so much, you have no idea how incredibly helpful your contribution has been. I really appreciate it, thank you very much.

