diff --git a/src/content/docs/spectrum/reference/limitations.mdx b/src/content/docs/spectrum/reference/limitations.mdx index b7a15ef58a64092..375ad0ba291df7b 100644 --- a/src/content/docs/spectrum/reference/limitations.mdx +++ b/src/content/docs/spectrum/reference/limitations.mdx @@ -2,7 +2,6 @@ pcx_content_type: reference title: Limitations weight: 0 - --- The following limitations apply to different protocols supported by Spectrum. @@ -45,3 +44,9 @@ By default, Spectrum is configured to listen on all ports, which can raise conce When a TCP handshake is initiated to any port for a Spectrum IP, the handshake will always be completed. If there is a Spectrum application configured for the port, the connection will be proxied to origin. If no application is configured, the connection is immediately terminated and no origin connection will be opened. Spectrum will only ever proxy traffic to an origin if there is a Spectrum application configured for that port. + +## IP access control + +Currently, [custom rules](/waf/custom-rules/) do not work with Spectrum applications. Use [IP Access rules](/waf/tools/ip-access-rules/) to allowlist, block, and challenge traffic for Spectrum applications based on the request's IP address, Autonomous System Number (ASN), or country. + +Refer to [Configuration options](/spectrum/reference/configuration-options/#ip-access-rules) for more information. diff --git a/src/content/docs/waf/tools/ip-access-rules/create.mdx b/src/content/docs/waf/tools/ip-access-rules/create.mdx index 5f80ff482140fbb..ab51cd1652f083f 100644 --- a/src/content/docs/waf/tools/ip-access-rules/create.mdx +++ b/src/content/docs/waf/tools/ip-access-rules/create.mdx @@ -8,14 +8,14 @@ sidebar: import { TabItem, Tabs, Steps, DashButton } from "~/components"; -:::caution[Recommendation: Use custom rules instead] +:::tip[Recommendation: Use custom rules instead] Cloudflare recommends that you create [custom rules](/waf/custom-rules/) instead of IP Access rules to perform IP-based or geography-based blocking (geoblocking). ::: :::note -IP Access Rules are only available in the new security dashboard if you have configured at least one IP access rule. Cloudflare recommends that you use [custom rules](/waf/custom-rules/) instead of IP Access Rules. +IP Access Rules are only available in the new security dashboard if you have configured at least one IP access rule. :::