WAF rule which has been in place for years has now changed from showing in Expression Builder to only showing in the text box; trying to save gives an “unsupported” message
What steps have you taken to resolve the issue?
Rewrite WAF rule step by step:
ip.geoip.asnum in {15169 396982} is OK
adding
and not ip.src in $googlebot_ip_lists
gives the above error
Have lists been dropped from being supported in the free tier now?
On further checking EVERY WAF rule now no longer works in Expression Builder even though the actual rule works
I’ve made the changes from ip.geoip.country to ip.src.country, and ip.geoip.asnum to ip.src.asnum - but still get the same error, and found a new one
But there is a bug in that WAF no longer sees my list $googlebot_ip_lists and just gives me a “no lists” message, with a link to “manage lists” which then shows my list
Further to that, even if I simplify the rule right down to just checking whether the ASN is in a few ASNs, it still gives the original error message - it looks like once it has raised “%s function forbidden fields, at index: 0” then even a very simple rule gets the error, and there is something wrong with the way it’s not getting my list
Yes, menu option is there, and the link in Expression Builder for “manage lists” takes me there, and I can see, open, and edit my list - it just doesn’t seem happy that it exists when trying to use it
Cannot create any WAF rules, been having an ongoing issue with the error message “%s function forbidden fields, at index: 0” for a while, previous topic got closed as I was still trying all sorts to find a cause
What steps have you taken to resolve the issue?
Create a simple rule:
(ip.src.country eq "US" and not ip.src.asnum in {8075 15169 13335 32934 714 13649})
Save
Get error
Tried: incognito, different browser, etc., etc. There appears to be a bug where once you have got the above error anything you try to change just gives the same error
As previous ticket: Lists no longer work in Free tier, WAF rules that use lists no longer work, looks like some major bugs were introduced when the changes were made, e.g. ip.geoip.country changed to ip.src.country etc., which has broken any WAF rule that uses them
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full (strict)
What are the steps to reproduce the issue?
Create a simple rule:
(ip.src.country eq "US" and not ip.src.asnum in {8075 15169 13335 32934 714 13649})
Save
Get error
I think it’s just the cut and paste, as I created it in the expression builder and then copied from the text area to make sure it was created correctly, as I’ve been having this issue for a few weeks now - any change to any WAF rule fails with the same error
Lists no longer work in the free tier for me - they can be put in the text editor but in the expression builder it tells me I have no lists and gives a link to the lists; follow the link and it shows my list, but the list doesn’t appear in the drop-down
Any rule that had the old ip.geoip.* notation in it no longer works, text is displayed but cannot be edited
Changing any rule that uses ip.geoip to ip.src gets the same error
Creating a new rule using expression builder just gives the same error - as I cannot use WAF rules I implemented some redirect rules to just use most of the same logic to redirect to nowhere which appears to be more effective than giving people a blocked screen - attempts from ASN8075 dropped from 200k+ a day to a few tens of attempts when redirected nowhere rather than just giving a Cloudflare blocked screen but I’d like to be able to use WAF rules
Create the WAF rule in the text editor but use the old ip.geoip.* notation and you don’t get the error and the WAF rule is created
BUT
Click on “Use Expression Builder”, get the error about unsupported syntax, so fix the ip.geoip.* to ip.src.* and the expression builder shows the rule, but then click on Save and you are back to the “%s function forbidden fields, at index: 0” error
So: WAF rules are stuffed - you can’t create them, you can’t edit them, and any that use the old syntax no longer work - looks like a pretty serious bug to me???
Anyone got any ideas how I can get Cloudflare to look at this major bug?
Can’t raise a ticket
Can’t use WAF
Can’t get any response
Workaround is currently to use redirect rules but that’s not a proper result - there is some bug / issue with my account that is causing the “%s function forbidden fields, at index: 0”
@sdayman - Any ideas? This looks like it’s an account issue but there is no way for me to raise anything other than here
Doesn’t matter which editor I use, same result. What’s odd is that only one of my rules opens in the click and select area at the top; they all open in the text editor, and are in the old syntax. If I correct the syntax I can get them to appear in the top section, but lose the list, so tried removing the list reference but still get the same error
If I create a rule in the click & create section, even a simple “ASNum = … and not bot”, gets error
If I open an old rule - which isn’t blocking anything anymore - and try to edit it I can correct the text editor text so that I can get it in the click & select section, but same error when saving
Even a single line ASN = … rule gets the same error
Not downgraded, never upgraded from free, list can’t be selected but the link to manage lists then shows the list!
I see the old “Firewall Rules” header so I only get option for old WAF rules? Wonder if that’s the issue?
Cheers for the help - I’m at the point of giving up as I’m using redirect rules to redirect unwanted traffic rather than being able to use WAF rules to block it
Shouldn’t I have been upgraded to the “Custom Rules” option at some point? I will check if any of my other domains get that option