Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 2 subscribers
  • Views 6209 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block subnet before hitting WAF

ehofstede
Hi,

Does anybody know how/if I can block an IP/Subnet before traffic, originating from that IP/Subnet, arrives at the WAF/Reverse Proxy server?

I created a block rule for one IP address, saying;
From IP - Service ANY - Destination ANY - Action DROP
And I put it on top of the rule set.

And still, when accessing the website that's behind the WAF/Reverse proxy, they get to see the webpage. And it's not browser cache or someting, I actually see the lines appear in the live log of WAF.

When I block the entire country where that IP originates from, yes, than traffic is blocked. But that's not what I want, I want to be able to block traffic from one IP or one Subnet.

Thanks!
Regards,
Erwin.


This thread was automatically locked due to age.
Parents
  • 0
    Hi,
    @Mod,
    I'm using 9.307-6 and when I delete ANY from the allowed list nobody can access the site. Strange if the behaviour is different with you...

    @Bob,
    It seems like you're right. That wasn't what I experienced yesterday. Now I leave ANY in allowed and the subnet I want to block in deny and now the UTM blocks access to the site from that subnet. It only takes a few seconds for the UTM to apply the settings, but now it seems to do what I want. [:)]

    Thanks!
  • 0 in reply to ehofstede
    Hi,
    @Mod,
    I'm using 9.307-6 and when I delete ANY from the allowed list nobody can access the site. Strange if the behaviour is different with you..

    !

    that's Strange, I'll Test this one More time
Reply Children
No Data