WAF rule not blocking subdomain

What is the name of the domain?

‘cybercoa.ch’

What is the issue you’re encountering

Using a WAF rule to block bots, the rule is working for ‘cybercoa.ch’ and ‘www.cybercoa.ch’ but it is not working for ‘learn.cybercoa.ch’

What steps have you taken to resolve the issue?

I have checked the ‘learn’ subdomain is active for DNS proxy in cloudflare dashboard, and looking on the WAF status page I can see traffic being blocked for the root and www domains. When I visit the ‘learn’ domain I can test one of the rules and see it is not firing. One of the WAF rules is to block any request for .php files so this can be easily tested by going to ‘www.cybercoa.ch/test.php’ which sees the WAF rule fire like it should and block the request but going to ‘learn.cybercoa.ch/test.php’ is allowed through the WAF and the webserver serves a 404 error page.

Any ideas?

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

One of the WAF rules is to block any request for .php files so this can be easily tested by going to ‘www.cybercoa.ch/test.php’ which sees the WAF rule fire like it should and block the request but going to ‘learn.cybercoa.ch/test.php’ is allowed through the WAF and the webserver serves a 404 error page.

Please share a screenshot of this rule and let’s take a look.

Here is a screenshot of the rule and the Security dashboard stats that show events are being registered against the root and www domains but not the ‘learn’ domain

Thanks for your help

Mark

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.