WAF Restriction to subdomain doesn't work

What is the name of the domain?

subdomain.domain.de

What is the error number?

No error number, the restriction doesn’t work

What is the error message?

No error message, the restriction doesn’t work

What is the issue you’re encountering

WAF Restriction to subdomain doesn’t work

What steps have you taken to resolve the issue?

Hi folks,
I am currently trying to block a specific subdomain (a test domain of a WordPress website) from the public internet, so that only people inside our company can access it.

I read all the posts I could find, and did exactly the same steps, but the blocking doesn’t work.

What I did/tried so far:

I created a DNS record in Cloudflare for the subdomain. I tried both A-Record and CNAME; Proxy is on.
After that I created a WAF-Rule (http.host eq "subdomain.domain.de" and not ip.src in {IP from our company}) → Action = block.
I also tried (http.host contains "subdomain.domain.de" and not ip.src in {IP from our company}) → Action = block. And I waited several hours to make sure the problem isn't DNS related.

What am I missing?

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

Can you give the real domain and subdomain and show a screenshot of the WAF you have created?

The real domain and subdomain is: testdomain.leitplanken-discounter.de

And here is the WAF-Rule:

testdomain.leitplanken-discounter.de is set to “DNS only” and not “Proxied” so requests are going directly to your server/host and not passing through Cloudflare, so the WAF rule isn’t applied to traffic.
https://cf.sjr.org.uk/tools/check?d144e435b51040f681d23dd67aeaac01#dns

You will need to proxy the subdomain if you want the WAF rules to do anything.


Thx a lot sjr.

With your hint I was able to find out that someone halted the website, probably because of people complaining about captchas, so on the DNS-Tab the proxy-function was enabled, but couldn’t work.

Now everything seems to work as intended.
