What Firewall Rule was used for blocking this IP?

#1

In Firewall Event Log i see “Firewall Rule” when some IP are blocked by my rules, but what rule?

0 Likes

#2

Can you post a screenshot? Cloudflare appears to have made some changes recently and should actually also display the rule name at this point.

0 Likes

#3

No Firewall Rule name…

0 Likes

#4

In this case you will have to use the API at https://developers.cloudflare.com/firewall/api/cf-filters/get/#get-by-filter-id to get the filter which is listed under match triggered.

1 Like

#5

2 or 3 hours of programming php and api only for get what rules are used for blocking a specific user?? Really??

0 Likes

#6

It is a bit cumbersome and shouldnt be necessary, however it should neither take two to three hours. Following the provided example it should take ten minutes max.

0 Likes

#7

What I do is open an incognito browser tab and, using a proxy-IP service, break each of my firewall rules. I then check the Events log, and list for each rule that Filter number under “Match Triggered”.

I have this small list on Keep, so I can check it anytime. After using this for a few days you will memorize which Filter match which rule, as only the first 3 or 4 characters of the Filter number will be enough to make this association.

1 Like