Thank you, exactly what I was looking for (confused with priorities). Loved you sentence "first your allow, then you block" cristal clear! Cheers from France
Thank you for the helpful video on using Cloudflare to allow/block specific traffic. I want to restrict access to my website to allow traffic only from the USA or AHREFS IP addresses. Unfortunately, AHREFS has numerous IPs, so I'll have to modify whatever expression example you might provide to me so I can cover all AHREFS IPs. Would you give a sample expression to accomplish my goal?
In short it will be a very helpful for the community if you create the video about the usage of client certificate verified firewall rule. and how to install certificate in client machine.
ALSO Sir, The process i used to create the certificate to install it in my client machine is first i get the pem and key file from cloudflare create client certificate option and then use these commands openssl pkcs12 -export -out 03_abccert.pfx -inkey 1_key.key -in 1_pem.pem which gives me single file of pfx which i installed into the client machine and than client able to use my web application.
Hello I am facing issue in cloudflare firewall rule based on client certificate verified option. Actually I have apply the rule on the basis of client certificate verified option. For that I have create the client certificate from cloudflare and install it on client machine. But it is not consistent some time it works fine but it gives access denied error to the client some time.
Hi I have cloudflare firewall rules in my website which blocks the backend for admin I did the rules for blocking hackers. When the firewall is activated the SMTP contact form does not work. Any suggestions?
Thank you for this excellent tutorial on Cloudflare Firewall Rules. One question: can one set a rule to block access to the wp-admin (and/or wp-login.php), except for a specific IP address? If so, how.
you would setup 1 rules rule 1 - uri contains wp-admin AND ip source address "is not in" [your ip address(es) THEN block (expression preview = (http.request.uri contains "wp-admin" and not ip.src in {x.x.x.x y.y.y.y})
Thanks for the explanation. I would like to know, what are my options to create a rule(s) that: Would block everyone from a specific country but allow certain users. The users would not be very technical to set cookies. Cannot depend on them for any configurations. I have thought of using IP but that would be dynamic and user agents may not be unique I believe. Any other options?
there are multiple ways to achieve this. an interested method is to ask you developer to make a tiny page (for example domain.com/add which any visitor that goes to this page the code of the page will add a special cookie for them and then they will be able to access the rest of the site. let me know if that makes sense.
@@Astralwebincloves Yes it makes sense. Thanks. However any bad bots or malicious actors scanning the site for all subdirectories/urls could end up on the page and then access the site as well. Could you please share some more options & ideas? What about client certificates? Any guidelines on how to install that in a simple way?
@@Astralwebincloves is it normal for there to be 2 A records under cloudflare DNS for the same domain name? I have two A records listed with two ip addresses that point to amazon….i posted this question on another of your videos…so i apologize for the redundancy.
@@redstormsju777 in general there can only be 1 A record per domain. If you have other subdomains or other addresses you could have more than 1 A record. Can you share the domain name or a screenshot so i can help verify the exact data?
I’m fuzzy about the cookie example, I don’t play around on the website space very much but I was understood the cookies were issued by websites to store information on a computer browser but I didn’t know you could populate some sort of cookie in your own browser as almost like an information token when you connect to a website. Am I misunderstanding or is that how it works?
@@Astralwebincloves I actually had no idea that was an option, interesting. I wonder where one can figures these things on the browser, but I’ll take a look when I can sit down to a computer I suppose.
@@ColinMcRaeVIT you can search on youtube, but in short, you go to "inspect" on your chrome browser -> application tab -> cookies and add or edit your own
