What Firewall Rule was used for blocking this IP?

In Firewall Event Log i see “Firewall Rule” when some IP are blocked by my rules, but what rule?

Can you post a screenshot? Cloudflare appears to have made some changes recently and should actually also display the rule name at this point.

No Firewall Rule name…

In this case you will have to use the API at https://developers.cloudflare.com/firewall/api/cf-filters/get/#get-by-filter-id to get the filter which is listed under match triggered.

1 Like

2 or 3 hours of programming php and api only for get what rules are used for blocking a specific user?? Really??

It is a bit cumbersome and shouldnt be necessary, however it should neither take two to three hours. Following the provided example it should take ten minutes max.

What I do is open an incognito browser tab and, using a proxy-IP service, break each of my firewall rules. I then check the Events log, and list for each rule that Filter number under “Match Triggered”.

I have this small list on Keep, so I can check it anytime. After using this for a few days you will memorize which Filter match which rule, as only the first 3 or 4 characters of the Filter number will be enough to make this association.

1 Like

All due respect, but this is ridiculous. Why can’t the name of the firewall rule be displayed alongside the filter ID in the UI? What madness is this?

For anyone looking for a “simpler” solution than doing API requests, you can inspect the network request of the rules when you go to the Firewall Rules tab. The data will contain a filter with an ID, which is what you want to compare against.

You can then make a list with these ID’s and correlate them to the firewall rule name.

Apparently making this available to us in the UI was too hard for the Cloudflare engineers.

1 Like

EDIT: I stand corrected - that’s an awesome way to see the filter ID. Thanks for that.

This topic was automatically closed after 30 days. New replies are no longer allowed.