How to block access to certain url if IP address not in list?
Only certain IP addresses should be allowed to visit URLs that start with
mysubdomain.mydomain.com/wp-json.
I can't find this setting in Cloudflare.
I've tried it with a WAF rule to block when: (http.request.uri contains "mysubdomain.mydomain.com/wp-json" and ip.src ne 188.8.2.0) where the IP address is just a random ip address. Yet, with this rule in place, I can still visit the url.4 Replies
http.request.uri only covers the path and query string, you can use http.request.full_uri instead
ref: https://developers.cloudflare.com/ruleset-engine/rules-language/fields/#standard-fieldsThanks Erisa, but what I now have seems to always block access. For example, when I use
(http.request.full_uri contains "subdomain.mydomain.com/wp-json" and ip.src eq 1.1.1.1) I still get blocked.Do you have multiple rules?
No, it's my only WAF rule.
I have one redirect rule but that's not even related to this subdomain.
It blocks both with
(http.request.full_uri contains "subdomain.mydomain.com/wp-json" and ip.src eq 1.1.1.1) and (http.request.full_uri contains "subdomain.mydomain.com/wp-json" and ip.src ne 1.1.1.1).
The rule now works. It just seemed to have needed some time to be propagated everywhere...