I'm struggling to block access to the WAF. I am trying to block all but Cloudflare IP ranges from accessing the WAF; however, there is still traffic hitting the WAF from non-Cloudflare IPs. If you are a non-Cloudflare IP then you get a forbidden page instead of an outright block.
I have tried creating a blackhole NAT Rule to try and fix this but it doesn't work.
I have my existing WAF rule that is up and working and I want to blackhole or block anything that isn't Cloudflare.
I have tried making a NAT Rule to firstly allow the Cloudflare IPs on HTTP/HTTPS, then a rule under it that does the black hole.
It doesn't work and I never see traffic hitting either of the rules. I even tried just having the blackhole and it still never logs anything against that rule.
A few years ago I did this same thing for a customer and it was so easy, maybe in v17. What am I missing?