Post by RonW » Wed Nov 11, 2020 2:26 am

To all Experts,

I always find Cloudflare >> Firewall Rules for WordPress sites on Google search.

Looking for OpenCart v3 Cloudflare >> Firewall Rules.

Below are the rules for WP; if anybody can convert them to OpenCart requirements, it will be helpful.

"WP rules quote"

1. (http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains "/wp-admin/theme-editor.php")

2. (http.request.uri.path contains "/wp-login.php")

3. (http.request.uri.path contains "/xmlrpc.php")

4. (http.request.uri.path contains "/wp-content/plugins/" and not http.referer contains "your-domain-name.com" and not cf.client.bot)

5. (http.request.uri.path eq "/wp-comments-post.php" and http.request.method eq "POST" and not http.referer contains "your-domain-name.com")

Don't Forget to Allow your own IP address using the "Tools" Tab.

"WP rules Unquote"

If anybody can't, please don't skip this issue by giving any reason, just try to understand why Opencart can't have such CloudFlare >> Firewall rules.

Regards,

Ron


Post by IP_CAM » Thu Nov 12, 2020 3:57 am

Well, you forgot to mention how much this would be worth to you to know. Experts usually don't come for free ... :D
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.



Post by head_dunce » Sat Nov 21, 2020 8:22 pm

I haven't found the need to set up much in the firewall rules, although I have fail2ban running and making API calls to Cloudflare when it finds something it doesn't like. In talking with Cloudflare, it seems I may need to set up a rule to challenge anyone using x-forward-for because I'm seeing some weird things with the odd cases where that's used, but still gathering data on that for now.
Aside from turning on the built-in firewall options, I do find blocking the nasty ASNs in the Firewall > Tools to be very effective. I would suggest blocking these ASNs -
I also have all countries outside of my targeted audiences set up to be JavaScript challenged via Firewall > Tools. You could set up a firewall rule to do this, but I just put them in one by one. The country code list is here -
https://support.cloudflare.com/hc/en-us ... A0FOWD2bbZ
And I'd suggest setting the rate limit under Firewall > Tools. I currently have it set at 250 requests per 10 seconds, JS Challenge, which seems to be working well.
Hope that helps

Jim
https://www.carguygarage.com
Yahoo Store since 2006 moved to OpenCart on January 24, 2020



Post by head_dunce » Sun Nov 29, 2020 9:26 pm

So I changed this up a bit, figured I'd update this post to help anyone else.
The problem was that the images for my marketing emails were getting blocked for people who were outside of my targeted countries. The images were getting a JS challenge, but because they were being loaded in emails, that browser-based challenge was not happening and the images were just blocked. Also, because the countries were set in the Firewall > Tools, the priority seemed to be over Firewall > Rules, so I had to make some changes to the setup.
First, I removed all the country challenges from Firewall > Tools.
Next set up a Firewall > Rule of (ip.geoip.country ne "US" and ip.geoip.country ne "CA") to JS Challenge with priority 2000
And also set up a Firewall > Rule of (http.request.uri.path contains "/newsletter/") to Allow with a priority 1000
This now allows all the email images which are in the folder /newsletter/ to load for everyone (nothing else is in the folder.) And if you visit the web site outside of the US or Canada you get a JS Challenge screen that does a quick browser check.

Jim
https://www.carguygarage.com
Yahoo Store since 2006 moved to OpenCart on January 24, 2020
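
Added example (not part of the original post and not Cloudflare's code): a simplified Python model of the rule ordering described in the post above, assuming lower priority numbers are evaluated first and the first matching rule decides the action. The request paths, country codes and the reversed ordering are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Request:
    path: str     # stands in for http.request.uri.path
    country: str  # stands in for ip.geoip.country


@dataclass(frozen=True)
class Rule:
    priority: int
    action: str
    matches: Callable[[Request], bool]


def newsletter(req: Request) -> bool:
    # (http.request.uri.path contains "/newsletter/")
    return "/newsletter/" in req.path


def outside_us_ca(req: Request) -> bool:
    # (ip.geoip.country ne "US" and ip.geoip.country ne "CA")
    return req.country != "US" and req.country != "CA"


def evaluate(rules, req: Request) -> str:
    # Assumption: ascending priority, first match wins, otherwise the request passes.
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(req):
            return rule.action
    return "pass"


# Ordering from the post: Allow at 1000, JS Challenge at 2000.
POST_SETUP = [Rule(1000, "allow", newsletter), Rule(2000, "js_challenge", outside_us_ca)]
# Constructed counter-case: the challenge is evaluated before the allow.
REVERSED = [Rule(1000, "js_challenge", outside_us_ca), Rule(2000, "allow", newsletter)]

# Constructed sample requests.
SAMPLES = {
    "email image, DE": Request("/newsletter/banner.jpg", "DE"),
    "email image, CA": Request("/newsletter/banner.jpg", "CA"),
    "store page, DE": Request("/index.php", "DE"),
    "store page, US": Request("/index.php", "US"),
}


def decisions(rules) -> dict:
    return {label: evaluate(rules, req) for label, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, rules in (("post setup", POST_SETUP), ("reversed", REVERSED)):
        print(name, decisions(rules))
```

With the reversed ordering, the email image requested from outside the US and Canada is challenged again, which an email client cannot complete.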

