WAF Rules can't stop all spam request

sohrabi.mohammadjava · April 19, 2025, 7:53pm

What is the name of the domain?

What is the issue you’re encountering

Hi everyone, I’m currently using Cloudflare (Free plan) to protect my website and have blocked a range of IP addresses via 4 WAF rules . 1-ip range 52.169.0.0/16 2-banned ireland access 3-banned azure8057 4-banned wp folders . as you see lots of requset includes waf rules has had passed the firewall and accessed the server . whats the solution ?

Screenshot of the error

sdayman · April 19, 2025, 8:26pm

If you instead filter by “Served by Origin”, do you still get entries?

sohrabi.mohammadjava · April 19, 2025, 8:45pm

Hi .
In some case yes . But in this case no
This story repeat daily and cloudflare can’t stop spam request that are fully matched to waf rules

sdayman · April 19, 2025, 8:50pm

That makes no sense. If it’s served by Cloudflare, then it’s not served by Origin.

system · May 4, 2025, 7:54pm

This topic was automatically closed after 15 days. New replies are no longer allowed.

Topic		Replies	Views
Waf and Rules Not Working Rules	15	969	April 19, 2024
My website is blocked Website, Application, Performance	12	24	April 17, 2025
WAF not blocking non-UK IPS Security	13	1277	March 9, 2023
WAF Custom Rules Not Working Security	6	101	March 8, 2025
Difficulty Blocking Spam Entries via IP Access Rules on Cloudflare Rules	1	18	October 29, 2024

WAF Rules can't stop all spam request

What is the name of the domain?

What is the issue you’re encountering

Screenshot of the error

Related topics