
Blocking Traffic From Single or Multiple Countries With Cloudflare

It is not uncommon for website operators to experience a surge of traffic originating from a specific country or, in many cases, multiple countries.

These extra hits do more than consume server resources, although in many cases that might precisely be the point. In others, the visits are driven by malicious intent such as committing fraud, mounting login attacks, generating fake clicks, or attempting to break through security systems.

Anyone who oversees a website’s security and threat protection policies knows that, more often than not, part of the job comes down to identifying and blocking traffic from an entire country, or from several.

Thankfully, if your site is on Cloudflare, there is a way to quickly block traffic from several countries or just a single one by creating a firewall rule hosted under its Security section.

Step-by-Step Guide to Blocking Traffic From Just One, or Many Countries With Cloudflare

Step 1: Head Over to the WAF (Web Application Firewall) App From the “Security” Tab

For the applicable website, go to the Security tab and then click on the WAF option as depicted in the image below.

As shown, navigate to WAF inside Cloudflare as your first step towards blocking traffic from one country or many.

Step 2: Click on the ‘Create firewall rule’ Button

As soon as you enter the WAF in Cloudflare, one of the first eye-catching choices you may see is to create a firewall rule. Typically, that button has a blue-ish background color, as demonstrated in the screenshot underneath.

Select the ‘Create firewall rule’ button as step 2 for blocking traffic from specific countries with Cloudflare.

Side note: This approach should also work for folks on the free Cloudflare plan because, if I’m not mistaken, they get five firewall rules instead of the 20 that come with the Pro Plan. If you aren’t sure, talk to their customer service.

Step 3: Configure the Firewall Rule To Block Traffic From Either One Country or Many

Configuring the firewall rule involves the following three things:

  1. Assigning a name to your firewall rule.
  2. Deciding pattern matching rules for “Incoming requests” to the site.
  3. Determining what to do when incoming traffic matches the pattern described in item two above. The choices typically are:
    • Managed Challenge
    • Block: This is what needs to be used to block traffic.
    • JS Challenge
    • Allow
    • Bypass
    • Legacy CAPTCHA

What To Have for Incoming Requests Pattern Matching Rules – In Order To Block Traffic From an Entire Country or Countries in Cloudflare

  • In the “Field” dropdown, choose Country.
  • Next, in the “Operator” dropdown, choose equals if the intent is to block traffic from one country only, or choose is in if you want to stop traffic from more than one.
  • Finally, in the “Value” field, select the country or countries from which you want to block or disallow traffic. (Check out the screenshot below to see what to have if blocking traffic from the United States and Tunisia, as an example).
An example in Cloudflare, which shows blocking traffic to a website from the United States and Tunisia.
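
The same rule written as a Cloudflare rule expression, as an added example that is not part of the original article: the Country field corresponds to ip.geoip.country in Cloudflare's rules language, equals to eq, and is in to in {...}. The function names and the sample requests are constructed for illustration; dry_run counts how many of those requests the Block action would catch, so the impact can be checked before deploying.

```python
import re

# Cloudflare rules-language field behind the "Country" dropdown; values are
# ISO 3166-1 alpha-2 codes. (Newer rule builders expose it as ip.src.country.)
COUNTRY_FIELD = "ip.geoip.country"

# Constructed sample requests (not real traffic) for the dry run below.
SAMPLE_REQUESTS = [
    {"country": "US", "path": "/login"},
    {"country": "DE", "path": "/"},
    {"country": "TN", "path": "/login"},
    {"country": "US", "path": "/cart"},
    {"country": "FR", "path": "/"},
]

def normalize_codes(codes):
    """Upper-case, validate and de-duplicate two-letter country codes."""
    result = []
    for code in codes:
        code = code.strip().upper()
        if not re.fullmatch(r"[A-Z]{2}", code):
            raise ValueError(f"not a two-letter country code: {code!r}")
        if code not in result:
            result.append(code)
    if not result:
        raise ValueError("at least one country code is required")
    return result

def build_expression(codes):
    """Use 'equals' (eq) for one country and 'is in' (in) for several."""
    codes = normalize_codes(codes)
    if len(codes) == 1:
        return f'({COUNTRY_FIELD} eq "{codes[0]}")'
    quoted = " ".join(f'"{c}"' for c in codes)
    return f"({COUNTRY_FIELD} in {{{quoted}}})"

def dry_run(codes, requests):
    """Return (hits per blocked country, count of requests left untouched)."""
    blocked = set(normalize_codes(codes))
    hits, passed = {}, 0
    for req in requests:
        country = req["country"].upper()
        if country in blocked:
            hits[country] = hits.get(country, 0) + 1
        else:
            passed += 1
    return hits, passed

if __name__ == "__main__":
    print(build_expression(["US", "TN"]))
    print(dry_run(["US", "TN"], SAMPLE_REQUESTS))
```
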

Step 4: Deploying the Firewall Rule

Once you’re satisfied with your settings, deploying that rule to your production website is the only remaining step.

At the bottom of the firewall rule settings, and just before the footer, there will be a button titled ‘Deploy firewall rule.’ Click on it to push the changes to your live site.


In Closing

As we can see, blocking traffic from any country in Cloudflare is a matter of only a few clicks.

Plus, don’t forget that you can always come back to delete the rule, make tweaks to it, or even input an extra “and” or “or” condition rule for additional pattern matching.

The point is, once you deploy a firewall rule, it’s not as though you’ve used up a quota of one rule, nor is it something that cannot be undone.