Cloudflare fronted websites breaking geo location restrictions!


L2 Linker

Like many of you, I default block outbound traffic to sites not located in my country. It seems that Cloudflare has started to send traffic to their proxies located in foreign countries. This is causing our users to get blocked. I can add the web site to our list of internationally allowed web sites, but we have had several instances of this happening this week. Cloudflare has been fronting a lot of malicious sites recently, and is now breaking our geo restrictions. 

Anyone have any good suggestions? Right now all I am seeing is to either hope that most issues are transient and ignore them, add each site to our international allow list, or as a last resort put the Cloudflare IPs in the great white north on our allow list. 

Anyone have any better ways to handle this?

2 REPLIES

Cyber Elite

@khsieh,

I would actually question how many people are doing _outbound_ geoblocking this extensively. It's not uncommon to have select locations (IE: China, Russia, etc.) blocked for outbound traffic, but it's fairly rare that I see anyone specifying outbound traffic to solely their own country.

I'm actually more surprised that you haven't run into issues with this extensively previously. Just in one environment I can take a quick glance and there's common resources from a lot of common resources that aren't processed locally in the United States. 

Do you have any reason why you're being so restrictive with outbound traffic? Could you expand that to include common countries seen in your environment that could be deemed "friendly"? Just a brief glance and I'm seeing a large amount of traffic in just a single environment from places like Microsoft and Facebook being recorded outside of the United States, and I have to imagine that out of any country we likely have the most amount of 'local' resources being accessed versus someone living in any other country. 

L2 Linker

Historically we have been able to block all foreign traffic, and then allow by exception, just like what we should be doing for all firewall traffic. Maybe that's stricter than most, but in the 19 years I have been with my company, we have only had an attacker get inside once, and not very far.

It turns out that I have been blaming Cloudflare, but it's actually Akamai that started to give us grief.
