China : Weird bypassing of WAF and Some many redirects

[image] I have a China IP and can't resolve?
[image] This works, but in CN the website on the subdomain doesn't work.
Hi, I set up a custom site on a subdomain only for China, but I got many, many redirects and I have no idea why. Please look it up and help me. In log.log I ran the command `curl -L -v epik.tk` # but works on CN IP only.
Settings from dashboard: [image]
23 Replies
EpickyHrac (OP), 6mo ago
and WAF [image] (to block non-"Chinese" traffic)
DarkDeviL, 6mo ago
As for the image under "Redirect Rules" you're linking to, http://zl.epik.tk/u/2024-05-28_21-41-40_NTB.png - change the condition there to become:
When incoming requests match... Hostname <-> does not equal <-> cn.epik.tk AND Country <-> equals <-> China
By only having the "Country" option, it will redirect everyone, including those that are already on the cn.epik.tk sub-domain.
EpickyHrac (OP), 6mo ago
Okay. Changed, and it works!
EpickyHrac (OP), 6mo ago
Thanks! How do I mark it as solved? 😅 😄
DarkDeviL, 6mo ago
You're welcome, happy to hear it worked. 🙂
EpickyHrac (OP), 6mo ago
👍
DarkDeviL, 6mo ago
If you right click your thread, can't you under "Edit Tags" add the Solved tag?
EpickyHrac (OP), 6mo ago
I'll check.
EpickyHrac (OP), 6mo ago
Yes, I can. Thx.
Okay, I am back. I spotted weird traffic somehow ignoring WAF rules from a China IP; the root domain, which I disabled (and replaced with a redirect to cn.epik.tk), is accessible:
- ip a2409:###:###:c2f3::1
- and ray-id 8951dbd8ae9907a1-HKG
- asn: 9808
- ua: Mozilla/5.0 (Linux; Android 13; V2188A Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/109.0.5414.86 MQQBrowser/6.2 TBS/047101 Mobile Safari/537.36 V1_AND_SQ_9.0.60_6478_YYB_D QQ/9.0.60.17095 NetType/4G WebP/0.3.0 AppId/537222799 Pixel/1080 StatusBarHeight/85 SimpleUISwitch/0 QQTheme/1103 StudyMode/0 CurrentMode/0 CurrentFontScale/1.0 GlobalDensityScale/0.90000004 AllowLandscape/false InMagicWin/0
DarkDeviL, 6mo ago
Although AS 9808 seems quite Chinese, are you able to share the actual IP? Also, how exactly are you coming to the conclusion that WAF rules are ignored / bypassed?
EpickyHrac (OP), 6mo ago
I don't see that; I got that information from the API, not the web.
2409:8938:ca0:c2f3::1
It's a CN IP: https://radar.cloudflare.com/ip/2409:8938:ca0:c2f3::1
Wait, I can see.
Oh yeah, I found a problem: I have epik.tk and epickyhrac.tk with the same hosting and the same CF tunnel, and in epik.tk I have set up that WAF rule while in epickyhrac.tk I haven't. So yeah, but thanks anyway 😄 Solved.
*So I just apply that WAF rule from epik.tk to epickyhrac.tk* ✅
DarkDeviL, 6mo ago
The classic problem of having multiple different domains, and then forgetting to ensure they all apply the same kind of rules. 😄 Happy to hear it's solved. 🙂
EpickyHrac (OP), 6mo ago
👍
EpickyHrac (OP), 6mo ago
[image] [image]
But I want now, please, to allow access to:
- dynmap-mc.epik.tk = for all (global)
- link-cn.epik.tk = for China only
How do I do that? Please help me.
DarkDeviL, 5mo ago
Nothing in these screenshots seems to be related to dynmap-mc.epik.tk or link-cn.epik.tk?
EpickyHrac (OP), 5mo ago
Yes, I haven't set it up because idk how xd
DarkDeviL, 5mo ago
How much of it do you actually need? Like are you both requiring this, but still also requiring the cn.epik.tk we spoke about last month, or how far does it go?
EpickyHrac (OP), 5mo ago
cn.epik.tk is only required for China.
And the same for link-cn.epik.tk.
dynmap-mc.epik.tk will be available for all.
DarkDeviL, 5mo ago
For the Redirect Rule(s) you have, such as e.g. the previous we spoke about, that would redirect China to specific end points, you would need to create individual exclusions, so that e.g. "dynmap-mc.epik.tk" would be excluded from the rules.
Before (as you needed previously):
When incoming requests match... Hostname <-> does not equal <-> cn.epik.tk AND Country <-> equals <-> China
After:
When incoming requests match... Hostname <-> is not in <-> dynmap-mc.epik.tk AND Hostname <-> does not equal <-> cn.epik.tk AND Country <-> equals <-> China
If you also needed to exclude other host names from the redirect, e.g. example.epik.tk, you would just add the additional host name(s) to the list of exclusions, like e.g.:
Hostname <-> is not in <-> dynmap-mc.epik.tk example.epik.tk
For the blocking rules like e.g. this one, where you're doing something with "is in cn.epik.tk", you also add other CN-only hosts, such as e.g. link-cn.epik.tk to the list.
The stuff you're doing is getting more and more complicated - I would more likely go in the direction of recommending two different domains for what you're doing, such as for example:
epik.tk -> global domain (including block china, or redirect china to .cn)
epik.cn -> china-only domain (including block non-china, or redirect non-china to .tk)
It would be with the cost of an additional domain, but it would add simplicity to your rules and WAF, the more (sub-)domains you add.
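
Added example, not part of the thread and not written by either participant: a small Python model of the redirect rule and the CN-only block rule discussed above, for checking which host finally serves a request before a rule set is deployed. The shape of the block rule, the `US` sample country and every function name are assumptions made for the illustration.

```python
# Added illustration (not from the thread): model of the redirect and block
# rules, evaluated the way a client following redirects would experience them.
TARGET = "cn.epik.tk"
MAX_HOPS = 20  # clients such as curl -L give up after a fixed number of hops

def make_redirect(excluded):
    """Redirect rule: Country equals China AND Hostname is not in `excluded`."""
    return lambda host, country: country == "CN" and host not in excluded

def make_block(cn_only):
    """Block rule (assumed shape): Hostname is in `cn_only` AND Country is not China."""
    return lambda host, country: host in cn_only and country != "CN"

def resolve(host, country, redirect, block):
    """Return 'blocked', 'loop', or the hostname that finally serves the request."""
    # The two rules never match the same request (one needs CN, the other
    # non-CN), so their evaluation order does not change the outcome.
    for _ in range(MAX_HOPS):
        if block(host, country):
            return "blocked"
        if not redirect(host, country):
            return host
        host = TARGET  # follow the redirect and evaluate the rules again
    return "loop"

def outcomes(redirect, block):
    """Outcome for every host from China and from a constructed non-China country."""
    hosts = ["epik.tk", "cn.epik.tk", "link-cn.epik.tk", "dynmap-mc.epik.tk"]
    return {(h, c): resolve(h, c, redirect, block) for h in hosts for c in ("CN", "US")}

BLOCK = make_block({"cn.epik.tk", "link-cn.epik.tk"})
# Country-only condition from the first post: nothing is excluded.
COUNTRY_ONLY = outcomes(make_redirect(set()), BLOCK)
# Exclusions exactly as in the "After" rule: cn.epik.tk and dynmap-mc.epik.tk.
AS_WRITTEN = outcomes(make_redirect({TARGET, "dynmap-mc.epik.tk"}), BLOCK)
# Same rule with link-cn.epik.tk added to the exclusion list as well.
ALL_EXCLUDED = outcomes(
    make_redirect({TARGET, "dynmap-mc.epik.tk", "link-cn.epik.tk"}), BLOCK)

if __name__ == "__main__":
    for name, table in [("country only", COUNTRY_ONLY), ("as written", AS_WRITTEN),
                        ("link-cn excluded too", ALL_EXCLUDED)]:
        print(name)
        for (host, country), result in table.items():
            print(f"  {host:20} {country}: {result}")
```

In this model, with the exclusion list exactly as in the "After" rule, a visitor from China to link-cn.epik.tk is redirected to cn.epik.tk; it is served from link-cn.epik.tk only once that host is also added to the exclusions, as the answer describes for additional host names.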