WAF Rules letting some requests through, that it should it not be
📏Rules✅Solved
Hey there. I seem to be having an issue with WAF allowing requests through, when the rules I've provided should stop that.
For now these are the only two rules (I plan to add some before block outside of NZ to allow certain requests, later)
Custom Rule 1
Action: Block
(note: I will likely amend this to check full path uri for www.mydomain.net/index.html, etc, but as it is, this should still mitigate those shown in the screenshot)
--
Custom Rule 2
Action: Block
--
The website is currently hosted on cloudflare pages.
The domain and subdomain are proxied
in the DNS.
domain.net -> CNAME: mypage.pages.dev
www.domain.net -> CNAME: domain.net
SSL: Full & Always use HTTPS, HSTS: On
----
What could be letting them through?
There are several other IPs skipping mitigation as well; although the majority are getting blocked; this is still concerning.
Am I doing something wrong?
For now these are the only two rules (I plan to add some before block outside of NZ to allow certain requests, later)
Custom Rule 1
Action: Block
(note: I will likely amend this to check full path uri for www.mydomain.net/index.html, etc, but as it is, this should still mitigate those shown in the screenshot)
--
Custom Rule 2
Action: Block
--
The website is currently hosted on cloudflare pages.
The domain and subdomain are proxied
in the DNS.domain.net -> CNAME: mypage.pages.dev
www.domain.net -> CNAME: domain.net
SSL: Full & Always use HTTPS, HSTS: On
----
What could be letting them through?
There are several other IPs skipping mitigation as well; although the majority are getting blocked; this is still concerning.
Am I doing something wrong?
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
87,353Members
Resources
Similar Threads
Was this page helpful?
