CloudFlare Blocking

CloudFlare Blocking

WAF Rules

Block Sensitive

This is to drop everything to a few sub-domains unless it is from the united states.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
(http.host in 
{
    "bitwarden.mindlesstux.com"
    "guacamole.mindlesstux.com"
    "adminer.mindlesstux.com"
    "adminer.dacentec.mindlesstux.com"
    "andromeda-cockpit-lan.mindlesstux.com"
    "hastebin.mindlesstux.com"
    "home-assistant.mindlesstux.com"
    "nodered.dacentec.mindlesstux.com"
    "phpmyadmin.mindlesstux.com"
    "r420-cockpit-dacentec.mindlesstux.com"
    "r420-ssh-dacentec.mindlesstux.com"
    "routervm-cockpit-lan.mindlesstux.com"
    "sshwifty-dec.mindlesstux.com"
    "synology1.mindlesstux.com"
    "synology2.mindlesstux.com"
    " portainer.mindlesstux.com"
    " ombi.mindlesstux.com"
    }
and not ip.geoip.country in {"US"})

Allow Matrix

Allows all traffic for Matrix

1
2
3
(http.request.uri.path contains "/.well-known/matrix/") 
or (http.request.uri.path contains "/_matrix/") 
or (http.host eq "matrix.mindlesstux.com")

Allow Mastodon

Allows all traffic for Mastodon

1
(http.host eq "mastodon.mindlesstux.com")

JS Challenge

This is to drop country and ASN traffic that I find have been causing problems.

1
2
(ip.geoip.country in {"CN" "IR" "IQ" "RU" "T1" "VN"}) or 
(ip.geoip.asnum in {13238 395954 9009 8100 207651 212238 203020 36352 201011 30542 201011 64249 15969 13737 60068 33576})

If source is from one of the following countries or from the Tor network the traffic will be challenged.

  • China
  • Iran
  • Iraq
  • Russian Federation
  • Vietnam

If source is from one of the follwoing ASNs traffice will be challenged. Reason for being blanket challened is bot traffic and content spam that is out of control.

ASN ASName OrgName
13238 YANDEX YANDEX LLC
395954 LEASEWEB-USA-LAX Leaseweb USA, Inc.
9009 M247 M247 Europe SRL
8100 ASN-QUADRANET-GLOBAL QuadraNet Enterprises LLC
207651 VDSINA-NL Hosting technology LTD
212238 CDNEXT Datacamp Limited
203020 HostRoyale HostRoyale Technologies Pvt Ltd
36352 AS-COLOCROSSING ColoCrossing
201011 CORE-BACKBONE Core-Backbone GmbH
30542 MOVI-R-TECH-SOLUTIONS MOVI-R
201011 CORE-BACKBONE Core-Backbone GmbH
64249 ENDOFFICE Charles River Operation
15969 Systemia-AS Systemia.pl Sp. z o.o.
13737 AS-INCX INCX Global, LLC
60068 CDN77 Datacamp Limited
33576 DIG001 Digicel Jamaica

Site last built .
© MindlessTux. Some rights reserved.

Using the Chirpy theme for Jekyll.