I would like to block a string of characters:
E2%80%A6
This particular grouping is appended to the tail end of a legitimate file name, i.e.,:
/2020-09/_MG_9631%E2%80%A6
Would I create a firewall rule like this?
(http.request.uri.path contains ("/2020-09/_MG_9631%E2%80%A6")
Thank you for any advice.
The firewall rule engine works with decoded characters, so you’d need to set up this
(http.request.uri.path contains "/2020-09/_MG_9631…")
Though I’d probably rather use eq unless you really need contains.
Just a tip, if this is targeting static files (some attacks add a random query string to attempt bypass cache), you can cache certain paths and set them to ignore query string, it would “block” the attack by redirecting it to the CDN.
Thanks… I have a page rule that caches all static images in a certain path… but I am not sure how to set them to ignore the query string. I am on the pro plan. Is this option available to me? Thanks.
Thanks… I will give this a try. Appreciate your time.