WAF on Nextcloud

I have the Cloudflare WAF set up on the domain of my Nextcloud server, but it seems to not be working. I blocked my public IP and am still able to access everything fine.

Could you share a screenshot of the Firewall Rule you’ve created?


I have triple-checked my public IP matches the WAF rule.

And the domain is proxied (orange cloud)?

Yes

Hmm, do you have any Firewall Rules where the action is Allow? Rules are applied in order so another rule with action Allow could result in this one being skipped.

My rules are as follows:
Allow my IP
Challenge Medium Threat Score
Block Bots + high threat score
Block all countries besides US

For the testing, I changed the allow part of the “My IP” rule to block so there were no allows.

Do you have any IP Access Rules?

May I ask: is the Cloudflare IP or your public IP returned on the origin host or server side, or better to say, on the Nextcloud?

Possible issue with the cache options, maybe?

Nevertheless, is Cloudflare allowed to connect to your origin host/server?

May I ask: do you pay for some cloud Nextcloud instance, or self-host it?

Furthermore, may I just add a note: depending on the Cloudflare plan which you are using for your domain name, there is a limit on uploads while using a proxied (orange cloud) hostname where your Nextcloud is installed (if using the web interface for uploading large files):

Cloudflare limits the upload size (HTTP POST request size) per plan type:

  • 100MB Free and Pro
  • 200MB Business
  • 500MB Enterprise by default. Contact Customer Support to request a limit increase.

Source article:

Looks like clearing Cloudflare’s cache did it. Why did that work though? Local cache had been cleared and had to go to Cloudflare. Since Cloudflare was still serving the traffic, shouldn’t it still have followed the WAF?

If so, may I also ask: are you using any custom Page Rules? Or, better to ask, could you re-check which values you have selected for the Caching Level and Browser Cache options in the Cloudflare dashboard for your domain?

I have no page rules, the caching level is standard, and the TTL is 4 hours.
