WAF Firewall Rule by Datacenter

Hi,

Is it possible to set a Cloudflare WAF Firewall rule to be specific to the data center that is serving the content?

Inside of a worker, this appears to be the cf.colo variable.

Can this be referenced in WAF?

ip.src.asnum in {16509} and ip.colo eq "SEA" ??

That’s generally not a good idea, as colos aren’t necessarily indicative of the location of the user.

What is it you’re hoping to accomplish with such a rule?

Hmm.. I’ve always wondered that…

But right now - I have this bot that is using Google Cloud and ALL of the requests are from the Seattle Datacenter.

So what I was hoping to do? Tomorrow morning turn on the rule to ‘Challenge’ all Google Cloud IPs requesting from Seattle with a Chrome user agent…

I think maybe this would be accomplished very easily with a snippet? Going to look at that, but I would love to just be able to keep the rules in the Cloudflare Online Platform. I’m sure once I ‘release’ this rule.. they will change it quickly… but it will block them for the morning at least…

Basically I blocked like 5, they came back with 10 IPs, I blocked those, and they came back with 50 IPs LOL, but they are all out of Seattle.

So I just want to block specifically them for some time.

While you can’t do colo, you can go by state, like this:
(ip.src.region_code eq "WA")
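
Added example, not part of any post in this thread: the thread notes that the serving data center is visible inside a Worker, so the colo match can be done there. The sketch below reads `request.cf.colo` and `request.cf.asn` from the Workers runtime; the names `RULE`, `matchesRule` and `handleRequest` are hypothetical, and the ASN and colo are the values quoted in the thread.

```javascript
// Added example: match on serving colo + source ASN + user agent in a Worker.
// ASN 16509 and colo "SEA" are the values quoted in the thread; replace them
// with what your own logs show.
const RULE = {
  asns: new Set([16509]),
  colos: new Set(["SEA"]),
  uaSubstring: "chrome", // compared case-insensitively
};

// Pure decision function, testable without the Workers runtime.
// `cf` is the request.cf object, which can be undefined (e.g. local preview).
function matchesRule(cf, userAgent, rule = RULE) {
  if (!cf) return false; // fail open when edge metadata is missing
  const asn = Number(cf.asn); // tolerate numeric strings
  const colo = String(cf.colo || "").toUpperCase();
  const ua = String(userAgent || "").toLowerCase();
  return (
    rule.asns.has(asn) &&
    rule.colos.has(colo) &&
    ua.includes(rule.uaSubstring)
  );
}

// Request handler. This example blocks with a 403 rather than challenging;
// everything that does not match is passed through to the origin unchanged.
async function handleRequest(request) {
  if (matchesRule(request.cf, request.headers.get("user-agent"))) {
    return new Response("Forbidden", { status: 403 });
  }
  return fetch(request);
}

// In a module Worker, wire it up with: export default { fetch: handleRequest };
```

Because all three conditions must match, traffic from the same ASN served by another colo, or from other networks served by SEA, is left alone.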
