Very interesting! However, I think if CHALLENGE was the action, I'd just challenge everyone outside the forum's base country. For us, we'd challenge everyone outside US and Canada. This is certainly an intriguing option! Thank you.
(http.request.uri.path contains "/misc/contact") or (http.request.uri.path contains "/register") or (http.request.uri.path contains "/?register" and ip.geoip.country in {"AF" "DZ" "AO" "AM" "AZ" "BH" "BD" "BY" "BJ" "BT" "BA" "BW" "BN" "BG" "BF" "BI" "KH" "CM" "CF" "CV" "TD" "CN" "CG" "CD" "CI" "HR" "CZ" "DJ" "EG" "GQ" "ER" "EE" "ET" "GF" "GA" "GM" "GE" "GH" "GW" "GN" "HT" "HU" "IN" "ID" "IR" "IQ" "JO" "KZ" "KP" "KR" "KE" "XK" "KW" "KG" "LA" "LV" "LB" "LS" "LR" "LY" "LT" "MK" "MG" "MW" "MY" "ML" "MR" "YT" "MD" "MN" "ME" "MA" "MZ" "MM" "NA" "NP" "NE" "NG" "OM" "PK" "PG" "PL" "RO" "QA" "RU" "RW" "SA" "SY" "ZM" "XX" "T1" "ZW" "YE" "EH" "TN" "TM" "AE" "UZ" "TR" "UY" "VN" "UG" "TJ" "SR" "SD" "SZ" "LK" "SS" "VE" "UA" "TG" "SO" "SI" "SL" "RS" "SN" "SK" "TZ" "TH" "TL"})Excellent idea!
It's an expression: https://developers.cloudflare.com/firewall/cf-firewall-rules/fields-and-expressions/
Depends what you want. You are allowing the world, but blocking registration. My site is global, but English speaking, so I want people to be able to register from around the world who speak English and require the community.
Oops! We ran into some problems.
The requested page could not be found.https://www.domain.tld/register/?_xfRequestUri=/&_xfWithData=1&_xfToken=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&_xfResponseType=json<head> <title>Attention Required! | Cloudflare</title> <meta name="captcha-bypass" id="captcha-bypass" /> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" /> <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]--> <style type="text/css">body{margin:0;padding:0}</style>So I've been struggling with trying to understand how to put this into Firewall Rules. (I'm assuming the paid But Management does it all for you?)
{{ link('register') }}data-xf-click="overlay"You're right; excellent food for thought.
developers.cloudflare.com
As allow takes precedence over block and challenge, you allow known good bots, then below that you would instigate your block or challenge rules, thus blocking or challenging ALL bots from those that meet the rule, but allowing known good bots automatically from those rules.The table below lists the actions available in Firewall Rules. These actions are listed in order of precedence. If the same request matches two different rules which have the same priority, precedence determines the action to take.Actions · Cloudflare Firewall Rules docs
Create rules that examine incoming HTTP traffic against a set of powerful filters to block, challenge, log, or allow matching requests.
For example, the Allow action takes precedence over the Block action. In a case where a request matches a rule with the Allow action and another with the Block action, precedence resolves the tie, and Cloudflare allows the request.
The only exception to this behavior involves the Log action. Unlike the other actions, Log does not terminate further evaluation within Firewall Rules. This means that if a request matches two different rules and one of those rules specifies the Log action, the second action will be triggered instead, even though Log has precedence. Although Firewall Rules would not trigger the Log action in this case, Firewall Analytics would still record the hit as an “additional match.”
