Skip to content
Firewall
Visit Firewall on GitHub
Set theme to dark (⇧+D)

Update firewall rules for customers or partners

You may want to adjust your firewall rules to increase access by customers or partners.

Potential examples include:

  • Removing rate limiting for an API
  • Sharing brand assets and marketing materials

Update firewall rules by ASN

If a customer or partner is large enough, you could set up a firewall rule based on an autonomous system number (ASN).

Allow traffic by ASN

This example uses:

  • ip.geoip.asnum to specify the general region
  • The cf.bot_management.score dynamic field to ensure partner traffic does not come from bots
ExpressionAction
(ip.geoip.asnum eq 12345 and cf.bot_management.score gt 30)Allow

Adjust rules by ASN

This example uses:

  • ip.geoip.asnum to specify the general region
  • The cf.threat_score dynamic field to ensure requests are not high-risk traffic

If a request meets these criteria, your firewall bypasses normal User Agent Block rules.

ExpressionAction
(ip.geoip.asnum eq 12345 and cf.threat_score lt 14)Bypass - User Agent Block

Update firewall rules by IP

For smaller organizations, you could set up firewall rules based on IP addresses.

Allow traffic by IP address

This example:

  • Specifies the network and host
  • Uses the cf.bot_management.score dynamic field to ensure requests are not high-risk traffic
ExpressionAction
(ip.src eq 1.1.1.1 and http.host eq "example.com" and cf.bot_management.score gt 30)Allow

Adjust rules by IP address

This example specifies the network and host.

If a request meets these criteria, your firewall bypasses normal Rate Limiting rules.

ExpressionAction
(ip.src eq 1.1.1.1 and http.host eq "example.com")Bypass - Rate Limiting