1 rule to block both with and without /

when I use uri path equals /wp-content/uploads
I can access the page by adding / at the end mysite.com/wp-content/uploads/

and if i use uri path equals /wp-content/uploads/
still can access the page mysite.com/wp-content/uploads

is there a way to block both other than adding 2 separate rules

I think the Web browser itself is either adding the trailing slash at the end of URLs, so I do not see a point of blocking it.

And if you block it, why so?

In some cases, the non-trailing slash and trailing slash version don’t redirect to the correct version. This can cause issues with crawling and duplicate content.

I might be wrong to understand the point, but I would recommend you to configure your origin host / server to not show the list of indexes, if worried about that?, either have an empty index.php file inside /uploads/ directory (if not by default).

If using Apache and .htaccesss file, it’s done by adding below line (usually returns the 403 Forbidden error) when someone tries listing the contents of the directory:

  • Options All -Indexes

If using Nginx an .vhost file:

location /somedir {
    autoindex off;

It’s about URL rewriting / format.

Helpful articles:

why dont you offload it to cloudflare instead of htaccess ?
why to allow unneeded hits if that page should not be accessed from outside

I use “contains” when I want a broader match. Like CONTAINS: content/uploads

yes. But that will block all sub pages

I only need equals for 2 pages

Oh, I see.

You won’t need two separate rules. You can do this with an OR in the same rule.

you mean these:

I know I am using 1 rule that includes bunch of pages. But just wanted to not type it twice with and without the / slash

Unfortunately, you’d need a Business or Enterprise plan to use Regex in Firewall Rules.

Could you please direct me to some document to see how to do it with regex

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.