Thank you, exactly what I was looking for (confused with priorities). Loved you sentence "first your allow, then you block" cristal clear! Cheers from France
Thank you for the helpful video on using Cloudflare to allow/block specific traffic. I want to restrict access to my website to allow traffic only from the USA or AHREFS IP addresses. Unfortunately, AHREFS has numerous IPs, so I'll have to modify whatever expression example you might provide to me so I can cover all AHREFS IPs. Would you give a sample expression to accomplish my goal?
ALSO Sir, The process i used to create the certificate to install it in my client machine is first i get the pem and key file from cloudflare create client certificate option and then use these commands openssl pkcs12 -export -out 03_abccert.pfx -inkey 1_key.key -in 1_pem.pem which gives me single file of pfx which i installed into the client machine and than client able to use my web application.
Hi I have cloudflare firewall rules in my website which blocks the backend for admin I did the rules for blocking hackers. When the firewall is activated the SMTP contact form does not work. Any suggestions?
In short it will be a very helpful for the community if you create the video about the usage of client certificate verified firewall rule. and how to install certificate in client machine.
Thank you for this excellent tutorial on Cloudflare Firewall Rules. One question: can one set a rule to block access to the wp-admin (and/or wp-login.php), except for a specific IP address? If so, how.
you would setup 1 rules rule 1 - uri contains wp-admin AND ip source address "is not in" [your ip address(es) THEN block (expression preview = (http.request.uri contains "wp-admin" and not ip.src in {x.x.x.x y.y.y.y})
@@Astralwebincloves is it normal for there to be 2 A records under cloudflare DNS for the same domain name? I have two A records listed with two ip addresses that point to amazon….i posted this question on another of your videos…so i apologize for the redundancy.
@@redstormsju777 in general there can only be 1 A record per domain. If you have other subdomains or other addresses you could have more than 1 A record. Can you share the domain name or a screenshot so i can help verify the exact data?
Thanks for the explanation. I would like to know, what are my options to create a rule(s) that: Would block everyone from a specific country but allow certain users. The users would not be very technical to set cookies. Cannot depend on them for any configurations. I have thought of using IP but that would be dynamic and user agents may not be unique I believe. Any other options?
there are multiple ways to achieve this. an interested method is to ask you developer to make a tiny page (for example domain.com/add which any visitor that goes to this page the code of the page will add a special cookie for them and then they will be able to access the rest of the site. let me know if that makes sense.
@@Astralwebincloves Yes it makes sense. Thanks. However any bad bots or malicious actors scanning the site for all subdirectories/urls could end up on the page and then access the site as well. Could you please share some more options & ideas? What about client certificates? Any guidelines on how to install that in a simple way?
I’m fuzzy about the cookie example, I don’t play around on the website space very much but I was understood the cookies were issued by websites to store information on a computer browser but I didn’t know you could populate some sort of cookie in your own browser as almost like an information token when you connect to a website. Am I misunderstanding or is that how it works?
@@Astralwebincloves I actually had no idea that was an option, interesting. I wonder where one can figures these things on the browser, but I’ll take a look when I can sit down to a computer I suppose.
@@ColinMcRaeVIT you can search on youtube, but in short, you go to "inspect" on your chrome browser -> application tab -> cookies and add or edit your own
Hello I am facing issue in cloudflare firewall rule based on client certificate verified option. Actually I have apply the rule on the basis of client certificate verified option. For that I have create the client certificate from cloudflare and install it on client machine. But it is not consistent some time it works fine but it gives access denied error to the client some time.
Thank you, exactly what I was looking for (confused with priorities). Loved you sentence "first your allow, then you block" cristal clear! Cheers from France
Happy to hear it helped!
Life saver. Please make more videos about Cloudflare WAF.
Happy to hear! Any particular parts of waf you’re looking for?
Thanks for giving this video. Kindly example related to JS Challenge action
Great Tutorial, I was looking for this tutorial
Can I use it to block any traffic that comes to my website redirected from a specific domain?
Thank you for the helpful video on using Cloudflare to allow/block specific traffic. I want to restrict access to my website to allow traffic only from the USA or AHREFS IP addresses. Unfortunately, AHREFS has numerous IPs, so I'll have to modify whatever expression example you might provide to me so I can cover all AHREFS IPs. Would you give a sample expression to accomplish my goal?
ALSO Sir, The process i used to create the certificate to install it in my client machine is first i get the pem and key file from cloudflare create client certificate option and then use these commands
openssl pkcs12 -export -out 03_abccert.pfx -inkey 1_key.key -in 1_pem.pem
which gives me single file of pfx which i installed into the client machine and than client able to use my web application.
Hi. Can this method be used to serve 410 codes on pages?
Hi I have cloudflare firewall rules in my website which blocks the backend for admin I did the rules for blocking hackers. When the firewall is activated the SMTP contact form does not work. Any suggestions?
In short it will be a very helpful for the community if you create the video about the usage of client certificate verified firewall rule. and how to install certificate in client machine.
Thanks for this video, very helpful. If we want to block BOT access to one of the directories /testdrive/ but allow all user access, is that possible?
your welcome. you can setup a WAF rule that checks the URI path for a specific directory and blocks traffic for "known bots"
Thank you for this excellent tutorial on Cloudflare Firewall Rules. One question: can one set a rule to block access to the wp-admin (and/or wp-login.php), except for a specific IP address? If so, how.
you would setup 1 rules
rule 1 - uri contains wp-admin AND ip source address "is not in" [your ip address(es) THEN block
(expression preview = (http.request.uri contains "wp-admin" and not ip.src in {x.x.x.x y.y.y.y})
Excellent…THANK YOU
Your welcome
@@Astralwebincloves is it normal for there to be 2 A records under cloudflare DNS for the same domain name? I have two A records listed with two ip addresses that point to amazon….i posted this question on another of your videos…so i apologize for the redundancy.
@@redstormsju777 in general there can only be 1 A record per domain. If you have other subdomains or other addresses you could have more than 1 A record. Can you share the domain name or a screenshot so i can help verify the exact data?
@@Astralwebincloves is there an email address I can send you a screenshot to?
@@redstormsju777 check the email at our youtube profile page - th-cam.com/users/Astralwebinclovesabout
Thanks for the explanation.
I would like to know, what are my options to create a rule(s) that:
Would block everyone from a specific country but allow certain users.
The users would not be very technical to set cookies. Cannot depend on them for any configurations.
I have thought of using IP but that would be dynamic and user agents may not be unique I believe. Any other options?
there are multiple ways to achieve this. an interested method is to ask you developer to make a tiny page (for example domain.com/add which any visitor that goes to this page the code of the page will add a special cookie for them and then they will be able to access the rest of the site. let me know if that makes sense.
@@Astralwebincloves Yes it makes sense. Thanks.
However any bad bots or malicious actors scanning the site for all subdirectories/urls could end up on the page and then access the site as well. Could you please share some more options & ideas?
What about client certificates? Any guidelines on how to install that in a simple way?
@@Vacayscout you can create a url that is very hard to guess
I’m fuzzy about the cookie example, I don’t play around on the website space very much but I was understood the cookies were issued by websites to store information on a computer browser but I didn’t know you could populate some sort of cookie in your own browser as almost like an information token when you connect to a website. Am I misunderstanding or is that how it works?
yes you understood it correctly.
@@Astralwebincloves I actually had no idea that was an option, interesting. I wonder where one can figures these things on the browser, but I’ll take a look when I can sit down to a computer I suppose.
@@ColinMcRaeVIT you can search on youtube, but in short, you go to "inspect" on your chrome browser -> application tab -> cookies and add or edit your own
@@Astralwebincloves Will take a look next time I’m in the office, thanks!
@@ColinMcRaeVIT :)
there is no "allow" option, is it the "skip"?
Hello I am facing issue in cloudflare firewall rule based on client certificate verified option.
Actually I have apply the rule on the basis of client certificate verified option. For that I have create the client certificate from cloudflare and install it on client machine. But it is not consistent some time it works fine but it gives access denied error to the client some time.
how to allow certain ports in firewall cloudflare ?
ports are not included in cloudflare. that would have to be on server level
why does not firewall option come up on my cloudflare. And when im trying to go to the site opensea it says error 1020 (Access denied) plz help
seems that these use cloudflare and their firewall rules blocked you.
how i block vpn and fake traffic
How I will stop scrappers by stealing my content by using my website feed..
use the scraper feature in cloudflare and remove your feed from site
thanks
your welcome.
@@Astralwebincloves question why the wp-admin not blocked by the zone settings? by the tools section
@@marcoFVD do you mean in video or in your specific case? can you explain more