Hello I have a question. I have a rule set up to block all non-USA and Canadian traffic but in the events I am still see people being blocked using that rule? Country is no in United States or Canada, Block. That is my second rule my first one to whitelist and allow just my IP. (not ip.geoip.country in {“US” “CA”}). Ideas. I just don’t want customer traffic blocked. I also have 3 more, Block xmlrpc.php Attacks, Plugins, then blocking (in one rule) /wp-login.php and /wp-admin/, unless your IP address was whitelisted (allowed) in the first rule.
Let me post the rules in order just in case:
-
(ip.src eq xx.xxx.xxx.xx). (my IP of course LOL). ALLOW
-
(not ip.geoip.country in {“US” “CA”}). BLOCK
-
(http.request.uri.path contains “/xmlrpc.php”). BLOCK
-
(http.request.uri.path contains “/wp-content/plugins/” and not http.referer contains “domain.com” and cf.client.bot). BLOCK
-
(http.request.uri.path contains “/wp-login.php”) or (http.request.uri.path contains “/wp-admin/”). BLOCK, because my IP was whitelisted in rule #1.
Thanks ahead of time.
- Ray ID
78dafa2b6ff57e82
- IP address
xx.xx.xx.xx (not my ip, but an IP in the USA)
- ASN
AS203020 HOSTROYALE
FilterExclude
- Country
United States
- User agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/96.0 Mobile/15E148 Safari/605.1.15
- HTTP Version
HTTP/1.1
- Method
GET
- Host
- Path
/
- Query string
Empty query string