WAF Rules to Block Specific Countries Not Working - DNS Proxy Setting Issue?

What is the name of the domain?

What is the issue you’re encountering?

WAF Rules to Block Specific Countries Not Working

What steps have you taken to resolve the issue?

Hi everyone,

I’m encountering an issue with WAF rules on Cloudflare and would appreciate some help.

Background:
I have a Shopify site where my domain is managed through Cloudflare’s DNS, but I haven’t enabled the proxy (the cloud icon is greyed out in the DNS settings). To protect my site, I’ve set up WAF rules to block access from certain countries. However, I noticed that visitors from the blocked countries can still access my site, and the rules seem ineffective.

Issue:
I suspect this issue might be related to the DNS proxy setting. Since my site is only using Cloudflare for DNS resolution without the proxy feature, I’m wondering:

Does disabling Cloudflare proxy (grey cloud icon) prevent WAF rules and other security features from working?
In this case, is there any way to use Cloudflare (or another service) to block access from specific countries?

Yes, because the requests don’t pass through your Cloudflare account, they go direct to the origin (in this case Shopify who also use Cloudflare).

You need to proxy the records and only use Shopify’s CNAME, not IP addresses. But first you need to raise a support ticket to ask for O2O to be enabled for this as for Shopify it still needs to be enabled manually by Cloudflare.
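The distinction made in the answer above (DNS-only records bypass the zone's WAF rules, and proxied records should use the CNAME rather than IP addresses) can be checked across a zone's records. This is an added example, not code from the thread or from Cloudflare; it assumes records shaped like the `result` array of Cloudflare's DNS records list API, and every hostname and target in the sample is constructed.

```python
import json

# Constructed sample shaped like the "result" array of Cloudflare's
# DNS records list API; hostnames and targets are made up for illustration.
SAMPLE = json.loads("""[
  {"type": "CNAME", "name": "www.example.com",
   "content": "shop-target.example", "proxied": false},
  {"type": "A", "name": "example.com",
   "content": "192.0.2.10", "proxied": true},
  {"type": "CNAME", "name": "store.example.com",
   "content": "shop-target.example", "proxied": true},
  {"type": "MX", "name": "example.com",
   "content": "mail.example.net", "proxied": false}
]""")

# Only these record types can carry web traffic through the proxy.
WEB_TYPES = {"A", "AAAA", "CNAME"}


def audit_records(records):
    """Return {(name, type): verdict} for records that can serve web traffic."""
    findings = {}
    for rec in records:
        rtype = rec.get("type")
        if rtype not in WEB_TYPES:
            continue  # MX, TXT and similar never pass through the proxy
        key = (rec["name"], rtype)
        if not rec.get("proxied", False):
            # Grey cloud: visitors connect straight to the origin.
            findings[key] = "dns-only: zone WAF rules never see this traffic"
        elif rtype != "CNAME":
            findings[key] = "proxied, but points at an IP instead of the CNAME"
        else:
            findings[key] = "proxied CNAME: WAF rules apply"
    return findings


def unprotected_hosts(records):
    """Hostnames whose traffic bypasses the zone's WAF rules entirely."""
    return sorted({name for (name, _), verdict in audit_records(records).items()
                   if verdict.startswith("dns-only")})


if __name__ == "__main__":
    for (name, rtype), verdict in audit_records(SAMPLE).items():
        print(f"{name:20} {rtype:6} {verdict}")
```

A proxied CNAME to Shopify still depends on O2O being enabled for the zone, which this check cannot see from the DNS records.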

So, could you help me to enable O2O for my current domain name?

You need to raise a support ticket to ask for it to be done.

But now we use the free plan; per your support, there is no ticket for us. So where can we ask to enable O2O for my current domain name?

Free plans can open an account, billing or registrar ticket. In your case, open an account ticket.

Because it is a free plan, I seem to be able to submit an account ticket, but I can’t track this ticket. So, I don’t know if it has been resolved. So, can you give me a clearer path to solve this problem?

I saw in the community that I can send an email to Bullock. I sent it, but he asked for leave and said that he would forward it to another person for support. I also sent an email, but I didn’t receive any feedback. So, can you give me a feasible path to help me complete the enabling of O2O? Thank you very much.

I couldn’t find a support ticket for your domain or any ticket raised from an email associated with it, so I’ve enabled O2O for your zone myself. Let me know if you run into anything unexpected. :wink:


Thanks so much, it works now. Thanks for your support. Cloudflare is doing great things, thanks, thanks.
