How does Cloudflare Firwall rules order work?

cloudflare

Solution 1:

It depends ...

By default, Cloudflare evaluates firewall rules in list order, where rules are evaluated in the order they appear in the Rules List.

Once there are more than 200 total rules (including inactive rules), you must manage evaluation using priority ordering, in which Cloudflare evaluates firewall rules in order of their priority number, starting with the lowest.

Source: https://developers.cloudflare.com/firewall/cf-dashboard/create-edit-delete-rules/

When a http request gets evaluated in list order and the request matches an expression the associated action determines what happens next.

Most actions are an exit and no further firewall rules will be evaluated for that request. You would describe this also as ”first match”

When ”priority ordering” is used there can be multiple expressions with the same priority, they will all be evaluated and a http request can match several expressions concurrently.
Then the precedence of the action determines what will happen. The allow action has precedence over the block action.

Again after a match most actions are an exit and no further firewall rules of lower priority will be evaluated for that request.

https://developers.cloudflare.com/firewall/cf-firewall-rules/actions/

———

In list ordering

Rule 1: Block ASN
Rule 2: Allow IP

The request from IP will match rule 1 and the request will be blocked. Rule 2 will not be evaluated.
To exempt the IP the rule order needs to be reversed.

On the other hand in priority ordering:

Priority 2 : Rule 1: Block ASN
Priority 2 : Rule 2: Allow IP

The request from IP matches both rules. The Allow action has greater precedence than the Block action and thus the request will be allowed.

Related

Apache HTTPS redirect to Tomcat web folder
SELinux setup for MongoDB
How to install "Minimal Ubuntu" onto virtual machine
Script without put ran as administrator leaves no file [closed]
Need new GLIBC on Centos 6 to use PyTorch on GPUs
Trying to auto-register a Nagios NSCA client
Adjust frequency of Windows Time sync
Private Google Kubernetes cluster can't download images from Google Container Engine
How to configure log rotate to compress and archive logs weekly [closed]
Removing non-present hardware with Devcon?
Kubernetes API-server wont' start after reboot
WinPE/Wim imaging - Boot issue after imaging, require reboot after to fix MBR