WAF rule not working correctly

I have a simple WAF custom rule that goes like that
(http.host ne “dn.######.eu” and ip.geoip.country ne “GR”)

if the rule passes then the action taken is block.

What I want to accompliss is unless someone wants to connect to the dn. subdomain the all requests outside of greece should be blocked. I tried then to connect to the subdomain from an US ip and its says blocked! even tho I am trying to connect to the DN subdomain. I am at my wits end. What am I doing wrong?

If I disable the rule then the domain works fine and ofc when I connect from INSIDE greece then the rule does not pass. Again I have only this one and only rule nothing else filtering. I used geotargetly to check and 10 seconds after disabling the rule everything connects fine.

What do you think wise people?

Hi there,

If I am reading your rule correctly, it says:

http.host ne “dn.######.eu”

IF HOST IS NOT EQUALS dn.######.eu

AND

ip.geoip.country ne “GR”

IF IP IS NOT EQUALS GREECE

Block.

Shouldn’t it be if the host equels dn subdomain and ip not from Greece then block?

Please clarify your thought process here on this rule.

Our waf rules are also not getting applied. In our last call it was informed that we need to migrate to new rules. It’s currently not working for us at all. Can anyone suggest what to do here?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.