Can Cloudflare effectively protect my REST API backend server if it’s exclusively used by mobile app

Specifically, when sending requests from Swift or Android, there’s no context, such as user-agent headers. Additionally, the IP addresses originate from GSM providers, which might make it difficult for Cloudflare to accurately identify traffic. Would setting WAF rules to allow only specific countries still work reliably in this scenario?

sampahSarap•11/16/24, 11:13 AM

WAF custom rule can do.
https://developers.cloudflare.com/waf/custom-rules/use-cases/allow-traffic-from-specific-countries/

Cloudflare Docs

Allow traffic from specific countries only | Cloudflare Web Applica...

This example blocks requests based on country code using the ip.geoip.country field, only allowing requests from two countries: United States and Mexico.

sampahSarap•11/16/24, 11:14 AM

Block by user-agent example at rate limit, but you still can use at custom rule
https://developers.cloudflare.com/waf/rate-limiting-rules/use-cases/#example-3

Cloudflare Docs

Rule examples | Cloudflare Web Application Firewall (WAF) docs

The examples below include sample rate limiting rule configurations.

Can Cloudflare effectively protect my REST API backend server if it’s exclusively used by mobile app

Similar Threads

Similar Threads

Similar Threads