Why Block USA Traffic

Hello I have a question. I have a rule set up to block all non-USA and Canadian traffic but in the events I am still see people being blocked using that rule? Country is no in United States or Canada, Block. That is my second rule my first one to whitelist and allow just my IP. (not ip.geoip.country in {“US” “CA”}). Ideas. I just don’t want customer traffic blocked. I also have 3 more, Block xmlrpc.php Attacks, Plugins, then blocking (in one rule) /wp-login.php and /wp-admin/, unless your IP address was whitelisted (allowed) in the first rule.

Let me post the rules in order just in case:

  1. (ip.src eq xx.xxx.xxx.xx). (my IP of course LOL). ALLOW

  2. (not ip.geoip.country in {“US” “CA”}). BLOCK

  3. (http.request.uri.path contains “/xmlrpc.php”). BLOCK

  4. (http.request.uri.path contains “/wp-content/plugins/” and not http.referer contains “domain.com” and cf.client.bot). BLOCK

  5. (http.request.uri.path contains “/wp-login.php”) or (http.request.uri.path contains “/wp-admin/”). BLOCK, because my IP was whitelisted in rule #1.

Thanks ahead of time.

  • Ray ID


  • IP address

xx.xx.xx.xx (not my ip, but an IP in the USA)

  • ASN



  • Country

United States

  • User agent

Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/96.0 Mobile/15E148 Safari/605.1.15

  • HTTP Version


  • Method


  • Host
  • Path


  • Query string

Empty query string

I am assuming you are using 5 different rules.
Have you considered adding, for example, on rules 2, 3, 4 and 5 your IP? And removing rule 1?

Just some ideas, I haven’t simulated this in a WordPress active server.

1 Like

Nah, because #1 rule says no matter what the rules are only these IP address get past all rules, ALLOW. It’s working fine now actually. If they are USA based customers 95% of them try to get to the /wp-admin/ or /wp-login.php file. That blocks them right this. I put the Country based rule in the #2 slot. Thanks for the feedback.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.