Zone lockdown to URL that includes port

I have a URL which I want to restrict which looks like

When I use in a zone lockdown I can see that it is successfully restricted to the CIDR block that I set; however, IPs outside of this block can still access How can I restrict this full URL to specific IPs?

I would personally recommend using WAF Custom Rules instead of Zone Lockdown rules. WAF Custom Rules are newer and provide more functionality. You can create Custom Rules in the WAF tab of the dashboard.

Create a new Custom Rule with the following expression. This will block any requests to regardless of the port, unless the client IP address is or in the subnet.

(http.host eq "" and
    starts_with(lower(http.request.uri.path), "/swagger") and
    not ip.src in {})


In your Firewall / Custom Rules, you can use the field cf.edge.server_port, which is available on paid plans.

This would match any requests for ports other than 80 and 443:

not (cf.edge.server_port in {80 443})

That worked perfectly, thanks
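An added example, not part of the thread or of Cloudflare's code: a small local model of the two expressions above, for checking the allowlist logic against test requests before deploying the rule. The hostname, port 8443, the IP ranges and all function names are constructed placeholders, and the model assumes the first expression compares the request hostname.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholder values (documentation ranges), not from the thread.
HOST = "app.example.com"
ALLOWED = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "198.51.100.0/24")]

@dataclass
class Request:
    host: str   # hostname only, no port
    port: int   # models cf.edge.server_port
    path: str   # models http.request.uri.path
    src: str    # models ip.src

def allowlist_rule(r: Request) -> bool:
    """Host match + lowercased path prefix + source outside the allowlist.
    The port is never examined, so the rule applies on every port."""
    src = ipaddress.ip_address(r.src)
    return (r.host == HOST
            and r.path.lower().startswith("/swagger")
            and not any(src in net for net in ALLOWED))

def nonstandard_port_rule(r: Request) -> bool:
    """Models: not (cf.edge.server_port in {80 443})"""
    return r.port not in {80, 443}

def decide(r: Request) -> str:
    """Action of a custom rule whose action is Block."""
    return "block" if allowlist_rule(r) else "allow"

# Constructed test requests covering port, case and allowlist variations.
SAMPLES = [
    Request(HOST, 8443, "/swagger/index.html", "203.0.113.5"),  # outside allowlist
    Request(HOST, 8443, "/Swagger/", "198.51.100.77"),          # inside allowlist
    Request(HOST, 443, "/SWAGGER", "203.0.113.5"),              # case variant
    Request(HOST, 8443, "/api/health", "203.0.113.5"),          # other path
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s.src:>15} :{s.port:<5} {s.path:<22} -> {decide(s)}"
              f" (non-standard port: {nonstandard_port_rule(s)})")
```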

