WAF not working

duoclock · April 9, 2022, 12:39pm

Hi! Firewall rules do not work. How can this be? help solve the problem.

domjh · April 9, 2022, 12:42pm

Do you want this to block both requests to both wp-admin and wp-login with the query string? If so then you probably want to switch from and to or. Currently it cannot match because it does not also dontain /wp-admin, only wp-admin.

duoclock · April 9, 2022, 12:44pm

Thanks !!!

duoclock · April 9, 2022, 1:00pm

It looks like the problem is not solved

duoclock · April 9, 2022, 1:46pm

The full block of all ips works. Other ip permissions don’t work for me. I so understood to me someone replaces IP.

If you leave the rule “block admin” everything works fine. What do you recommend doing?)

domjh · April 9, 2022, 2:12pm

I wonder if one of the higher rules is overriding it, if you move it to the top of the list does it work OK?

duoclock · April 9, 2022, 3:32pm

Thanks! )
zwaf work

How can priority be affected?
On the other account, the priority is the same. Everything works great.

duoclock · April 11, 2022, 9:54am

I noticed that the priority does not work either. Watch the video.
firewall not working.

Google Disk

duoclock · April 12, 2022, 10:35am

What to do with this phenomenon?? Is this a bug or am I doing something wrong?

KianNH · April 12, 2022, 12:20pm

You’ve allowed IP addresses or URI Path containing admin - so it’ll never get blocked.

Change it to and, not or

duoclock · April 12, 2022, 2:32pm

Thank you! Works!

duoclock · April 12, 2022, 5:13pm

Again I see this problem. What about the Cloudflare service?

link video

duoclock · April 23, 2022, 11:00am

what to do ? floating problem. This is the most important function in the CF service. Where else to write about my problem?

Allow IP url

Block URL

jwds1978 · April 23, 2022, 11:11am

The issue isn’t with WAF. The issue is with your rules. Rule expressions · Cloudflare Ruleset Engine docs

In these screen captures, while you’ve blocked any URI with wp-admin in it, you’ve also allowed any URI with wp-admin in it. Which do you want to do, allow or block for wp-admin?

You’ve got two rules with the same match, but opposite actions, contradicting eachother. From what I assume you want to do with the “Allow admin ip” rule, you want the operator to be AND not OR.

With that said, you could combine both of those rules into a single rule, as below:

(
    http.request.uri.path contains "wp-admin"
    and not ip.src in {46.211.0.0/16}
)

duoclock · April 23, 2022, 11:58am

Thank you. Your version works.

system · April 26, 2022, 11:58am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.