What firewall rules are still applicable when the country is white-listed?


#1

I added a rule in the new CF firewalls to filter out if the ‘http.host’ equals one of my subdomains. However, since my country was white-listed, the rule wasn’t being triggered. The rule wasn’t triggered even if I specified my current IP. If I am not wrong, the whitelist supersedes all additional firewall rules.

It worked fine as soon as the country whitelist was removed. This leads me to believe that there is some sort of segregation in terms of rules being triggered. I say that because I have seen the standard WAF rules working fine (at least I hope so).

Please help.


#2

It looks like a whitelist rule then ignores all other rules.

Whitelist: Ensures that an IP address will never be blocked from accessing your website. Only use for verified IPs that you trust!

That seems to make sense… that’s what a whitelist entry should do.


#3

I agree. However, shouldn’t a country whitelist behave differently? I mean there can’t be a scenario where someone trusts a whole country to bypass a firewall.
Anyways, thanks for your answer. Lesson learnt.


#4

Indeed. That’s why they have three other rules: Block, Challenge, JavaScript Challenge. :slight_smile: