My Cloudflare firewall rule is blocking requests from GitHub. I need to bypass a custom URL

Time:08-30

I have a Cloudflare Firewall Rule that blocks ASNs from different companies (Amazon, Microsoft, etc.) to prevent attacks from VPSs.

(ip.geoip.asnum eq 14618) or (ip.geoip.asnum eq 8075) or (ip.geoip.asnum eq 16276) or (ip.geoip.asnum eq 16509) or (ip.geoip.asnum eq 14061) or (ip.geoip.asnum eq 62567) or (ip.geoip.asnum eq 51167) or (ip.geoip.asnum eq 56617) or (ip.geoip.asnum eq 6188) or (ip.geoip.asnum eq 40819)

The problem is that when I run an Action on my GitHub repository, Cloudflare denies it access to my API URL (due to the rule I already mentioned, since GitHub uses Microsoft services). I need to get an HTTP 200 code in response from my API URL, but since it is blocking the request, I only get an HTTP 403 code (which Cloudflare shows as access denied, error 1020).

I tried to create another Firewall rule to bypass specific URLs of my site, example: attacks

EDIT:

My GitHub Action makes 3 GET requests per link, and I have 4 links (1 main domain and 3 other subdomains registered as CNAME):

https://example.com/en.php?datazo=secretID
https://sub1.example.com/en.php?datazo=secretID1
https://sub2.example.com/en.php?datazo=secretID2
https://sub3.example.com/en.php?datazo=secretID3

And this is the log from Cloudflare:

[image: params]

Inside log: (I used the https://example.com/en.php?datazo=secretID example)

[image: param2]

RULE "BYPASSING":

[image]

CodePudding user response:

Your rule says

(http.request.full_uri eq "https://example.com?api=secretID1" and http.request.full_uri eq "https://example.com?api=secretID2" and http.request.full_uri eq "https://example.com?api=secretID3" and http.request.full_uri eq "https://example.com?api=secretID4")

This would never be true, as your URL can never be equal to more than 1 value at any given time. Maybe change the "and" to "or".

Or, instead of eq, use contains, or even better, http.request.uri.query eq or http.request.uri.query contains.
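
The following is an added example, not part of the original answer or of Cloudflare's code: a simplified Python model of the `eq` and `contains` comparisons, run against the four URLs from the question (used here in place of the URLs quoted in the answer's rule). The function names and the `LOOKALIKE` request are constructed for illustration.

```python
from urllib.parse import urlsplit

# The four URLs the GitHub Action requests, copied from the question.
ACTION_URLS = [
    "https://example.com/en.php?datazo=secretID",
    "https://sub1.example.com/en.php?datazo=secretID1",
    "https://sub2.example.com/en.php?datazo=secretID2",
    "https://sub3.example.com/en.php?datazo=secretID3",
]
# Constructed request that is NOT one of the Action's and should stay blocked.
LOOKALIKE = "https://example.com/en.php?datazo=secretID999"


def fields(url):
    """Map a URL onto the rule fields named in the answer (simplified model)."""
    parts = urlsplit(url)
    return {
        "http.request.full_uri": url,
        "http.request.uri.query": parts.query,  # query string without the "?"
    }


def and_chain_full_uri(url):
    """Rule as written: full_uri eq A and full_uri eq B and ..."""
    return all(fields(url)["http.request.full_uri"] == u for u in ACTION_URLS)


def or_chain_full_uri(url):
    """First fix: the same comparisons joined with 'or'."""
    return any(fields(url)["http.request.full_uri"] == u for u in ACTION_URLS)


def query_contains(url, needle="datazo=secretID"):
    """'contains' is a substring test, so one short needle covers every link."""
    return needle in fields(url)["http.request.uri.query"]


def query_eq(url):
    """'eq' on the query string: exact match against the four known values."""
    allowed = {urlsplit(u).query for u in ACTION_URLS}
    return fields(url)["http.request.uri.query"] in allowed


if __name__ == "__main__":
    rules = (and_chain_full_uri, or_chain_full_uri, query_contains, query_eq)
    for url in ACTION_URLS + [LOOKALIKE]:
        print(url, {r.__name__: r(url) for r in rules})
```

The `contains` variant also matches the constructed look-alike, so `eq` on the query string keeps the bypass as narrow as the four known values.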
