I’m encountering an issue with WAF rules on Cloudflare and would appreciate some help.
Background:
I have a Shopify site where my domain is managed through Cloudflare’s DNS, but I haven’t enabled the proxy (the cloud icon is greyed out in the DNS settings). To protect my site, I’ve set up WAF rules to block access from certain countries. However, I noticed that visitors from the blocked countries can still access my site, and the rules seem ineffective.
Issue:
I suspect this issue might be related to the DNS proxy setting. Since my site is only using Cloudflare for DNS resolution without the proxy feature, I’m wondering:
Does disabling Cloudflare proxy (grey cloud icon) prevent WAF rules and other security features from working?
In this case, is there any way to use Cloudflare (or another service) to block access from specific countries?
Yes, because the requests don’t pass through your Cloudflare account, they go direct to the origin (in this case Shopify who also use Cloudflare).
You need to proxy the records and only use Shopify’s CNAME, not IP addresses. But first you need to raise a support ticket to ask for O2O to be enabled for this as for Shopify it still needs to be enabled manually by Cloudflare.
Because it is a free plan, I seem to be able to submit an account ticket, but I can’t track this ticket. So, I don’t know if it has been resolved. So, can you give me a clearer path to solve this problem.
I saw in the community that I can send an email to Bullock. I sent it, but he asked for leave and said that he would forward it to another person for support. I also sent an email, but I didn’t receive any feedback. So, can you give me a feasible path to help me complete the enable of o2o? Thank you very much.
I couldn’t find a support ticket for your domain or any ticket raised from an email associated with it, so I’ve enabled O2O for your zone myself. Let me know if you run into anything unexpected.