Update firewall rules for customers or partners
You may want to adjust your firewall rules to increase access by customers or partners.
Potential examples include:
- Removing rate limiting for an API
- Sharing brand assets and marketing materials
Update firewall rules by ASN
If a customer or partner is large enough, you could set up a firewall rule based on an autonomous system number (ASN).
Allow traffic by ASN
This example uses:
- The
ip.geoip.asnumfield to specify the general region - The
cf.bot_management.scoredynamic field to ensure partner traffic does not come from bots
| Expression | Action |
|---|---|
(ip.geoip.asnum eq 12345 and cf.bot_management.score gt 30) | Allow |
Adjust rules by ASN
This example uses:
- The
ip.geoip.asnumfield to specify the general region. - The
cf.threat_scoredynamic field to ensure requests are not high-risk traffic.
If a request meets these criteria, your firewall bypasses normal User Agent Block rules.
| Expression | Action |
|---|---|
(ip.geoip.asnum eq 12345 and cf.threat_score lt 14) | Bypass - User Agent Block |
Update firewall rules by IP
For smaller organizations, you could set up firewall rules based on IP addresses.
Allow traffic by IP address
This example:
- Specifies the network and host.
- Uses the
cf.bot_management.scoredynamic field to ensure requests are not high-risk traffic.
| Expression | Action |
|---|---|
(ip.src eq 1.1.1.1 and http.host eq "example.com" and cf.bot_management.score gt 30) | Allow |
Adjust rules by IP address
This example specifies the network and host.
If a request meets these criteria, your firewall bypasses rate limiting rules.
| Expression | Action |
|---|---|
(ip.src eq 1.1.1.1 and http.host eq "example.com") | Bypass - Rate Limiting |